Choosing a strong and memorable password
Passwords protect both your personal data and the University's networks and systems. Please take the time to choose a strong, memorable password or passphrase, bearing in mind the advice below:
Recommended techniques for inventing a strong password you can actually remember include:
- a mix of upper and lower case letters (not just on first or last character)
- a pair of unrelated words with punctuation inserted
- a full sentence which is nonsense
- the initials of two or more friends (unrelated), with punctuation inserted
- the first letter of each word in a phrase or song title, with mixed case and punctuation/numbers
- alternating one consonant and one or two vowels, to create a nonsense word which you can pronounce, and perhaps including this nonsense word in a longer phrase.
The following types of password should be avoided:
- null (blank) passwords
- fewer than 8 characters
- simple sequences such as qwerty, letmein, welcome, hello, the name of your department or group
- long passwords which are obvious sentences or well-known quotations
- anything you would find in a dictionary (in any language or jargon), or any dictionary word slightly modified (e.g. by adding a number to the end, or changing l to 1)
- any name (including that of a partner, parent, child, pet, literary character, famous person or place)
- any variation (e.g. backwards, or followed or preceded by a digit) of your own name, your Cambridge user identifier, your username on any other system, your birthday, car registration number or any other personal information
- any small variation on your existing password
- your password on another system.
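The avoid-list above can be turned into an automated check at password-change time. The sketch below is an added example, not code from the University: the word list, the look-alike substitutions other than l to 1, the 0.8 similarity threshold, and all function names are assumptions made for illustration.

```python
import difflib

# Simple sequences named in the list above; a real check would use a longer list.
SIMPLE = {"qwerty", "letmein", "welcome", "hello"}
# Constructed stand-in for a dictionary and name list (assumption).
WORDS = {"password", "cambridge", "elephant", "juliet"}
# Look-alike substitutions to undo. The list names l -> 1; the others are assumed.
UNLEET = str.maketrans("10345$@", "loeassa")


def core_forms(password):
    """Base forms of a password: lower-cased, with leading/trailing digits
    stripped, look-alike characters undone, and each of those reversed."""
    low = password.lower()
    forms = {low, low.strip("0123456789")}
    forms |= {f.translate(UNLEET) for f in forms}
    forms |= {f[::-1] for f in forms}
    return forms


def rejection_reasons(password, personal=(), old_password=None):
    """Return the reasons a candidate matches the avoid-list (empty if none).

    personal: the user's own name, user identifier, etc. (supplied by caller).
    old_password: the current password, which the user types in when changing
    it, so it can be compared without being stored in readable form.
    """
    if not password:
        return ["blank password"]
    reasons = []
    if len(password) < 8:
        reasons.append("fewer than 8 characters")
    forms = core_forms(password)
    if forms & SIMPLE:
        reasons.append("simple sequence")
    if forms & WORDS:
        reasons.append("dictionary word or name, possibly modified")
    if forms & {p.lower() for p in personal}:
        reasons.append("variation of personal information")
    if old_password:
        # Ratio near 1.0 means the two strings share almost all characters in order.
        ratio = difflib.SequenceMatcher(
            None, password.lower(), old_password.lower()).ratio()
        if ratio >= 0.8:
            reasons.append("small variation on existing password")
    return reasons
```

A check like this only catches the patterns it has been given; it cannot tell whether a password is also in use on another system.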
Keeping your password safe
Most people have many passwords and PINs to remember, calling for a difficult compromise between memorability and unguessability. Some suggestions for making strong passwords memorable are above.
- If passwords must be written down, they should be kept in a non-obvious form; if you store them on a computer system then you should encrypt the file, protected by another (strong!) password.
- Never leave a handwritten copy lying about
- Never give your password to other people, however trustworthy you believe them to be (this includes your friends and family)
- Passwords should be changed at regular intervals
- Different passwords should be used for different computer systems, so that if your password is cracked the damage may be limited.
Further advice and examples are available.
Last updated: August 2016