Tips For a Stronger Password
Passwords are the gateways to our online lives. As more of our daily routines move online, the security of our passwords has never been more important. Here are some tips for strong passwords:
- Never share your passwords with others. The more people who know it, the more likely it could be inadvertently -- or even intentionally -- exposed to abuse.
- Avoid password re-use. Data breaches are an increasingly common occurrence, and you don't want one of those breaches to give the bad guys access to all of your accounts.
- Do not use a single dictionary word. Even "mixing it up" with substitutions (like '$' instead of 's') or tacking on numbers or punctuation leaves it weak against attack, because the bad guys know all those tricks.
- Longer is better! If a computer can guess a 6-character password (using upper and lower case letters and numbers) in 1 second, a 9-character password would require 4 days, and a 12-character password would need 44 centuries!
- Use a pass phrase. Instead of relying on a single word to protect your account, choose a phrase composed of multiple words; the best pass phrases are strings of unrelated words. If you're multi-lingual, combine languages!
- Use numbers and symbols in your pass phrase. For example, stick a hyphen between each word, or use substitutions like '$' for 's' and '1' for 'l'; these simple tricks are fine in a pass phrase because it is so long.
- Pass phrases are better when they are 3 or more unrelated words. "Correct-Horse-Battery-Staple" is better than "I-Like-To-Ride-Horses".
- Avoid using personal information -- such as your name or username, a pet's name, an important date, a favorite ice cream, etc. -- in any part of your password or phrase.
- Longer is better, but don't just stick an extra digit or punctuation mark on the end. Instead, add another word to your pass phrase! Given what modern computers are capable of in the hands of the bad guys, you should aim for 15 characters or more.
Ready to upgrade your password? Students and staff can use this page to change their District passwords at any time!
- Consider using a password manager. These make it easier to manage distinct passwords for each site, and can even generate long, very strong passwords for you that you never need to remember yourself. There are many out there; some popular choices include 1Password, Bitwarden, and Dashlane, but you can also use your favorite search engine to find more.
- The Electronic Frontier Foundation, itself a great resource, has put together an excellent page for generating random pass phrases using nothing more than a word list and 5 standard dice.