What makes a good password?

What makes a good password?

Aimed at:  Edinburgh Napier’s staff & students

When setting your password the Password Manager service will ensure it meets the University's password criteria, but here’s some additional guidance to help you make it even more secure:

  • Avoid choosing an obvious password, such as a combination of the season and the year, or anything which includes information about you that’s easily discoverable – memorable names, dates, locations, etc. Ideally your password should be indistinguishable from anybody else’s – there shouldn’t be anything in it that obviously links it to you.
  • Certain words and sequences make for very poor passwords – things like ‘password’ and its variants, ‘letmein’, ‘football’, ‘12345678’ or any other predictable pattern of keys on your keyboard. When you set your password, the Password Manager service will check what you entered against a list of weak passwords and will prevent you from proceeding if there’s a match.
  • Ensure that you use a unique password for your University account, different to any other passwords you may have for home or work purposes. This helps to limit the extent of any damage if one of your other accounts is breached.
  • Protecting your University account password is essential, as it grants access to several important systems including your HR information and student records. You should memorise your University account password and never write it down or reveal it to anyone else.
  • If you need to use several different accounts for work, consider using a password manager application (sometimes called a password vault) to generate, store and autofill unique passwords for each account. Information Services does not currently provide a password manager application as part of our standard desktop service, so if you decide to use one we would strongly suggest that you stick to the market leading products – 1PasswordDashlane or LastPass.
  • Passwords which are used infrequently or for specific business-continuity purposes, such as recovering from a system failure, may be written down as long as they are stored in a secure location such as a safe or locked filing cabinet. If possible, there should be minimal information kept with the password about its intended use, or the information should be disguised in some way.

Watch the Video to find out more:

 

Attachments
There are no attachments for this article.
Related Articles RSS Feed
I have set my password, what do I do now?
Viewed 10790 times since Thu, Sep 1, 2016
What format does my University password need to be in?
Viewed 8426 times since Fri, Mar 18, 2016
How do I reset a forgotten password off campus?
Viewed 12157 times since Thu, Mar 17, 2016
How do I log in to a University PC?
Viewed 16374 times since Tue, Jun 14, 2016
When I try to set my password it says “Password not set”, what do I do?
Viewed 10802 times since Thu, Sep 1, 2016
Should I save my password when prompted?
Viewed 7843 times since Fri, Mar 18, 2016
How can I choose a secure, easy to remember password?
Viewed 8068 times since Fri, Mar 18, 2016
How do I reset a forgotten password on campus?
Viewed 12404 times since Thu, Mar 17, 2016
What do I do if I get the message “Sorry! This Getting Registered form can no longer be used to reset your password”?
Viewed 10690 times since Thu, Sep 1, 2016
Can I reuse a password?
Viewed 7872 times since Fri, Mar 18, 2016
MENU