
Password Security

Criminals have many tools in their arsenal to guess weak passwords.  Once cracked, passwords are shared by these thieves or sold on the dark web.  Once your password is stolen, criminals can often access personal information (e.g., financial information, health information), academic work, your emails, or University private data (e.g., PII).  They can also steal your identity.

Guidelines for Choosing a Password

  • Use at least 10 characters, the more the better.
  • Passwords should be complex and include 3-5 of the characteristics below:
    • Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
    • Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
    • Include at least one number
    • Base 10 digits (0 through 9)
    • Non-alphanumeric characters (special characters such as !, $, #, %)
    • Any Unicode character that is characterized as an alphabetic character but is not uppercase or lowercase.  This includes Unicode characters from Asian languages.
  • Don't write down your passwords.  If you MUST, keep them locked up in your desk or in a safe.
  • Select a unique password for each account.  This helps because if one account is hacked, you don't have to reset a lot of passwords.
  • Make your password easy to remember but difficult to guess.  Don't use words like 'teddybear123' or dates like a birthday ('Jan12000').
  • Use a password manager like LastPass 
  • Try a passphrase instead (see below)
  • Once you have reset your password, you will need to wait 24 hours before you can reset it again.  If you need to reset your password within 24 hours of resetting it via self-service, you will need to contact the IT Service Desk for assistance at 859-622-3000.

Strategies for Choosing a Good Password (Passphrases)

  • Line from a favorite song (Example: Pink Floyd's 'Comfortably Numb')
    Line from song: A distant ship smoke on the horizon, You are only coming through in waves
    Password: Ad5sothUr0ctiw#
    Substitute 5 for an S and 0 for an o, and mix lower and upper case
  • Line from a favorite poem (Example: Emily Dickinson's 'Success Is Counted Sweetest')
    A line from a poem: Not one of all the purple Host, Who took the Flag today
    Password: N1oatpHwttF2d$
    Substitute 1 for one and 2d for today

Avoiding Bad Passwords

  • Dictionary words (e.g., dandelion)
  • Foreign words (e.g., octobre)
  • Simple transformations of words (e.g., tiny8)
  • Names, doubled names, first name and last initials (e.g., kittykitty)
  • Uppercase or lowercase words (e.g., MAGAZINE)
  • An alphabet, keyboard or number sequence (e.g., qwertyy, 123456)
  • Very short words or just one character (e.g., hi)
  • Words that have the vowels removed (e.g., sbtrctn)
  • Phone numbers, birthdays or any other special numbers
  • Numbers substituted for letters (e.g., 0 for O)
  • Any portion of your username or account information
  • Any default passwords 
  • Don't use online password generators either because hackers have access to those too!
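The guidelines and the bad-password list above can be turned into a mechanical check. The following is an added example, not code from this page or from the University's systems. It assumes the two "number" bullets describe one digit category (five categories in total), treats whitespace as not special, matches the whole username rather than parts of it, and uses a small constructed sequence list; it does not attempt the dictionary-word checks.

```python
import unicodedata

MIN_LENGTH = 10      # "Use at least 10 characters"
MIN_CATEGORIES = 3   # "include 3-5 characteristics"
# Constructed sample; a real check would use a much larger list.
SEQUENCES = ("qwerty", "asdfgh", "123456", "abcdef")

def categories(password):
    """Return which of the guideline's character categories are present."""
    found = set()
    for ch in password:
        cat = unicodedata.category(ch)
        if cat == "Lu":
            found.add("uppercase")
        elif cat == "Ll":
            found.add("lowercase")
        elif ch in "0123456789":
            found.add("digit")
        elif cat in ("Lo", "Lm"):   # alphabetic, neither upper nor lower case
            found.add("other-alphabetic")
        elif not ch.isalnum() and not ch.isspace():
            found.add("special")
    return found

def check(password, username=""):
    """Return the guideline violations found; an empty list means none."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(categories(password)) < MIN_CATEGORIES:
        problems.append("too few character categories")
    lowered = password.casefold()
    if any(seq in lowered for seq in SEQUENCES):
        problems.append("keyboard or number sequence")
    if len(username) >= 3 and username.casefold() in lowered:
        problems.append("contains username")
    half = len(lowered) // 2
    if len(lowered) % 2 == 0 and half and lowered[:half] == lowered[half:]:
        problems.append("doubled word")
    return problems

if __name__ == "__main__":
    # Sample passwords taken from the page's own examples.
    for pw in ("Ad5sothUr0ctiw#", "teddybear123", "kittykitty", "qwertyy"):
        print(pw, check(pw) or "no violations found")
```

An empty result only means none of these particular rules fired; it is not a measure of how hard the password is to guess.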

Do Not Reuse the Same Password

When resetting your email password, you should never re-use it for other things like streaming services or online shopping.  This is a recipe for disaster.  If you do this and your account for any of these is hacked, all of your accounts have been compromised!

When resetting your email password you cannot re-use old passwords.  
