What makes a good password?

What makes a good password?

Aimed at:  Edinburgh Napier’s staff & students

When setting your password the Password Manager service will ensure it meets the University's password criteria, but here’s some additional guidance to help you make it even more secure:

  • Avoid choosing an obvious password, such as a combination of the season and the year, or anything which includes information about you that’s easily discoverable – memorable names, dates, locations, etc. Ideally your password should be indistinguishable from anybody else’s – there shouldn’t be anything in it that obviously links it to you.
  • Certain words and sequences make for very poor passwords – things like ‘password’ and its variants, ‘letmein’, ‘football’, ‘12345678’ or any other predictable pattern of keys on your keyboard. When you set your password, the Password Manager service will check what you entered against a list of weak passwords and will prevent you from proceeding if there’s a match.
  • Ensure that you use a unique password for your University account, different to any other passwords you may have for home or work purposes. This helps to limit the extent of any damage if one of your other accounts is breached.
  • Protecting your University account password is essential, as it grants access to several important systems including your HR information and student records. You should memorise your University account password and never write it down or reveal it to anyone else.
  • If you need to use several different accounts for work, consider using a password manager application (sometimes called a password vault) to generate, store and autofill unique passwords for each account. Information Services does not currently provide a password manager application as part of our standard desktop service, so if you decide to use one we would strongly suggest that you stick to the market leading products – 1PasswordDashlane or LastPass.
  • Passwords which are used infrequently or for specific business-continuity purposes, such as recovering from a system failure, may be written down as long as they are stored in a secure location such as a safe or locked filing cabinet. If possible, there should be minimal information kept with the password about its intended use, or the information should be disguised in some way.

Watch the Video to find out more:


There are no attachments for this article.
Related Articles RSS Feed
How do I log in to a University PC?
Viewed 24390 times since Tue, Jun 14, 2016
How do I reset a forgotten password on campus?
Viewed 20980 times since Thu, Mar 17, 2016
I have set my password, what do I do now?
Viewed 18805 times since Thu, Sep 1, 2016
What format does my University password need to be in?
Viewed 18604 times since Fri, Mar 18, 2016
How do I change my password?
Viewed 24145 times since Thu, Mar 17, 2016
How do I reset a forgotten password off campus?
Viewed 20747 times since Thu, Mar 17, 2016
When trying to enrol for Password Manager an ‘authentication required’ pop up appears what should I do?
Viewed 19375 times since Wed, Aug 31, 2016
Should I save my password when prompted?
Viewed 16192 times since Fri, Mar 18, 2016
When I try to set my password I receive the error that my account is still being created
Viewed 18850 times since Thu, Sep 1, 2016
When I try to set my password it says “Password not set”, what do I do?
Viewed 18399 times since Thu, Sep 1, 2016