Criminals have many tools in their arsenal to guess weak passwords. Once cracked, passwords are shared among these thieves or sold on the dark web. Once your password is stolen, criminals can often access personal information (e.g., financial information, health information), academic work, your emails, or University private data (e.g., PII). They can also steal your identity.
Guidelines for Choosing a Password
- Use at least 10 characters, the more the better.
- Start with a letter
- Include at least one number
- Use upper- and lower-case letters AND one special character such as #, $, %, etc.
- Don't write down your passwords. If you MUST, keep them locked up in your desk or in a safe.
- Select a unique password for each account
- Make your password easy to remember but difficult to guess. Don't use words, like 'teddybear123'
- Use a password manager like LastPass
- Try a passphrase instead
- Once you have reset your password, you will need to wait 24 hours before you can reset it again. If you need to reset your password within 24 hours of resetting via self-service, you will need to contact the IT Service Desk for assistance at 859-622-3000.
Strategies for Choosing a Good Password (Passphrases)
- Line from a favorite song (Example: Pink Floyd's 'Comfortably Numb')
  Line from song: A distant ship smoke on the horizon, You are only coming through in waves
  Substitute 5 for an S and a 0 for o with lower and upper-case
- Line from a favorite poem (Example: Emily Dickinson's 'Success Is Counted Sweetest')
  A line from a poem: Not one of all the purple Host, Who took the Flag today
  Substitute 1 for one and 2d for today
Avoiding Bad Passwords
- Dictionary words (e.g., dandelion)
- Foreign words (e.g., octobre)
- Simple transformations of words (e.g., tiny8)
- Names, doubled names, first name and last initials (e.g., kittykitty)
- Uppercase or lowercase words (e.g., MAGAZINE)
- An alphabet, keyboard or number sequence (e.g., qwertyy, 123456)
- Very short words or just one character (e.g., hi)
- Words that have the vowels removed (e.g., sbtrctn)
- Phone numbers, birthdays or any other special numbers
- Number substitutes for letters (e.g., 0 for O)
- Any portion of your username or account information
- Any default passwords
- Don't use online password generators either because hackers have access to those too!
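The composition rules and several of the bad-password patterns listed above can be checked mechanically. The following is an added example, not code from the University or its password system; the function name `check_password`, the tiny word list and the four-character sequence window are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real deployment would load a large
# dictionary and a breached-password list instead.
COMMON_WORDS = {"dandelion", "octobre", "magazine", "teddybear", "kitty", "tiny"}
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl",
             "zxcvbnm", "01234567890")


def check_password(password, username=""):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    lower = password.lower()

    # Composition rules from the guidelines list.
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if not password[:1].isalpha():
        problems.append("does not start with a letter")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs upper- and lower-case letters")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")

    # Patterns from the bad-password list.
    letters = re.sub(r"[^a-z]", "", lower)  # strip digits and symbols
    if letters in COMMON_WORDS:
        problems.append("dictionary word with a simple transformation")
    half = len(letters) // 2
    if half and letters[:half] == letters[half:]:
        problems.append("doubled word or name")
    # Any 4-character run taken from an alphabet, keyboard row or digit row.
    if any(lower[i:i + 4] in seq for seq in SEQUENCES
           for i in range(len(lower) - 3)):
        problems.append("alphabet, keyboard or number sequence")
    # Simplification: only the whole username is matched, not every portion.
    if len(username) >= 3 and username.lower() in lower:
        problems.append("contains the username")
    return problems
```

A check like this only catches the listed patterns; it says nothing about whether a password has already appeared in a breach or is reused across accounts.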
Do Not Reuse the Same Password
When resetting your email password, you should never re-use it for other things like streaming services or online shopping. This is a recipe for disaster. If you do this and your account for any of these is hacked, all of your accounts have been compromised!
When resetting your email password, you cannot re-use old passwords.