skip to primary navigationskip to content

Choosing your passwords

Advice on how to choose a strong, yet memorable, password.

Choosing a strong and memorable password

Passwords protect both your personal data and the University's networks and systems. Please take the time to choose a strong, memorable password or passphrase, bearing in mind the advice below:

Strong passwords

Recommended techniques for inventing a strong password you can actually remember include:

  • a mix of upper and lower case letters (not just on first or last character)
  • a pair of unrelated words with punctuation inserted
  • a full sentence which is nonsense
  • the initials of two or more friends (unrelated), with punctuation inserted
  • the first letter of each word in a phrase or song title, with mixed case and punctuation/numbers
  • alternating one consonant and one or two vowels, to create a nonsense word which you can pronounce, and perhaps including this nonsense word in a longer phrase.

Weak passwords

The following types of password should be avoided:

  • null (blank) passwords
  • fewer than 8 characters
  • simple sequences such as qwerty, letmein, welcome, hello, the name of your department or group
  • long passwords which are obvious sentences or well-known quotations
  • anything you would find in a dictionary (in any language or jargon), or any dictionary word slightly modified (e.g. by adding a number to the end, or changing l to 1) any name (including that of a partner, parent, child, pet, literary character, famous person or place)
  • any variation (e.g. backwards, or followed or preceded by a digit) of your own name, your Cambridge user identifier, your username on any other system, your birthday, car registration number or any other personal information
  • any small variation on your existing password
  • your password on another system.

Keeping your password safe

Most people have many passwords and PINs to remember, calling for a difficult compromise between memorability and unguessability. Some suggestions for making strong passwords memorable are above.

  • If passwords must be written down, they should be kept in a non-obvious form; if you store them on a computer system then you should encrypt the file, protected by another (strong!) password.
  • Never leave a handwritten copy lying about
  • Never give your password to other people, however trustworthy you believe them to be (this includes your friends and family)
  • Passwords should be changed at regular intervals
  • Different passwords should be used for different computer systems, so that if your password is cracked the damage may be limited.

Last updated: August 2016