What makes a good password?

Aimed at: Edinburgh Napier’s staff & students

The Edinburgh Napier Password Policy requires that passwords meet the following criteria:

  • Must be at least 15 characters in length
  • Must not contain your name or Edinburgh Napier number
  • Must not contain obvious words such as “napier” or “password”
  • Must not contain any sequence of consecutive numbers (e.g. 123) anywhere within your password
  • Must not be the same as any previous password used

When setting your password the Self-Service Password Reset (SSPR) service will ensure it meets the University's password criteria, but here’s some additional guidance to help you make it even more secure:

  • Choose 3 random words. Numbers, symbols and combinations of upper and lower case can be used if you feel you need to create a stronger password, or the account you are creating a password for requires more than just letters.
  • Avoid choosing an obvious password, such as a combination of the season and the year, or anything which includes information about you that’s easily discoverable – memorable names, dates, locations, etc. Ideally your password should be indistinguishable from anybody else’s – there shouldn’t be anything in it that obviously links it to you.
  • Certain words and sequences make for very poor passwords – things like ‘password’ and its variants, ‘letmein’, ‘football’, ‘12345678’ or any other predictable pattern of keys on your keyboard. When you set your password, the SSPR service will check what you entered against a list of weak passwords and will prevent you from proceeding if there’s a match.
  • Ensure that you use a unique password for your University account, different to any other passwords you may have for home or work purposes. This helps to limit the extent of any damage if one of your other accounts is breached.
  • Protecting your University account password is essential, as it grants access to several important systems including your HR information and student records. You should memorise your University password and never write it down or reveal it to anyone else.
  • If you need to use several different accounts for work, consider using a password manager application (sometimes called a password vault) to generate, store and autofill unique passwords for each account. Information Services does not currently provide a password manager application as part of our standard desktop service, so if you decide to use one we would strongly suggest that you stick to the market-leading products – 1Password, Dashlane or LastPass.
  • Passwords which are used infrequently or for specific business-continuity purposes, such as recovering from a system failure, may be written down as long as they are stored in a secure location such as a safe or locked filing cabinet. If possible, there should be minimal information kept with the password about its intended use, or the information should be disguised in some way.
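
For anyone building or testing a similar check, the criteria and the weak-password list check described above can be written as a validator. This is an added example, not the SSPR service's own code; the function names, the sample weak list, the reading of "consecutive numbers" as three or more ascending digits, and the salted-hash password history are all assumptions.

```python
import hashlib
import hmac

MIN_LENGTH = 15
BANNED_WORDS = ("napier", "password")  # the obvious words the policy names
WEAK_PASSWORDS = {"letmein", "football", "12345678"}  # constructed sample list


def has_consecutive_digits(password, run=3):
    """True if `run` or more digits ascend by one (e.g. 123); assumed reading."""
    streak = 1
    for prev, cur in zip(password, password[1:]):
        if "0" <= prev <= "9" and "0" <= cur <= "9" and ord(cur) - ord(prev) == 1:
            streak += 1
            if streak >= run:
                return True
        else:
            streak = 1
    return False


def hash_password(password, salt, iterations=100_000):
    """Salted PBKDF2 digest, so the history never holds plaintext (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def check_password(password, names, napier_number, history):
    """Return the list of criteria the password fails; empty means it passes."""
    lowered = password.lower()
    personal = [p.lower() for p in (*names, napier_number) if p]
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 15 characters")
    if any(p in lowered for p in personal):
        failures.append("contains your name or Edinburgh Napier number")
    if any(word in lowered for word in BANNED_WORDS):
        failures.append("contains an obvious word")
    if has_consecutive_digits(password):
        failures.append("contains consecutive numbers")
    if lowered in WEAK_PASSWORDS:
        failures.append("on the weak password list")
    if any(hmac.compare_digest(hash_password(password, salt), digest)
           for salt, digest in history):
        failures.append("same as a previous password")
    return failures


if __name__ == "__main__":
    # Constructed sample user and candidate password.
    print(check_password("Napier2024Summer!", ["Alex", "Smith"], "40123456", []))
```

The checks are case-insensitive, so "NAPIER" or "Password" embedded in a longer string is still caught.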
