What makes a good password?
What makes a good password?
Aimed at: Edinburgh Napier’s staff & students
The Edinburgh Napier Password Policy requires that passwords meet the following criteria:
- Must be at least 15 characters in length
- Must not contain your name or Edinburgh Napier number
- Must not contain obvious words such as “napier” or “password”
- Must not contain any line of consecutive numbers (e.g. 123) anywhere within your password
- Must not be the same as any previous password used
When setting your password the Self-Service Password Reset (SSPR) service will ensure it meets the University's password criteria, but here’s some additional guidance to help you make it even more secure:
- Avoid choosing an obvious password, such as a combination of the season and the year, or anything which includes information about you that’s easily discoverable – memorable names, dates, locations, etc. Ideally your password should be indistinguishable from anybody else’s – there shouldn’t be anything in it that obviously links it to you.
- Certain words and sequences make for very poor passwords – things like ‘password’ and its variants, ‘letmein’, ‘football’, ‘12345678’ or any other predictable pattern of keys on your keyboard. When you set your password, the SSPR service will check what you entered against a list of weak passwords and will prevent you from proceeding if there’s a match.
- Ensure that you use a unique password for your University account, different to any other passwords you may have for home or work purposes. This helps to limit the extent of any damage if one of your other accounts is breached.
- Protecting your University account password is essential, as it grants access to several important systems including your HR information and student records. You should memorise your University password and never write it down or reveal it to anyone else.
- If you need to use several different accounts for work, consider using a password manager application (sometimes called a password vault) to generate, store and autofill unique passwords for each account. Information Services does not currently provide a password manager application as part of our standard desktop service, so if you decide to use one we would strongly suggest that you stick to the market leading products – 1Password, Dashlane or LastPass.
- Passwords which are used infrequently or for specific business-continuity purposes, such as recovering from a system failure, may be written down as long as they are stored in a secure location such as a safe or locked filing cabinet. If possible, there should be minimal information kept with the password about its intended use, or the information should be disguised in some way.
Watch the Video to find out more: