Keeping Your Passwords Secure

It is important to choose a strong password to help ensure the security of your online information and to develop good habits to safeguard your online accounts. Here are some tips from ITSS:

Never share your password with anyone. ITSS will never ask you for your password -- if you receive an email claiming that ITSS or some other University department requires your password, assume it's SPAM and disregard it.

Don't use the same password across multiple services (e.g., UPEI, Facebook, Twitter). Use an application called a "Password Manager" to securely remember your passwords.

Choosing Strong Passwords

The following suggested methods for choosing a strong password are taken from the Guide to Enterprise Password Management by the National Institute of Standards and Technology of the U.S. Department of Commerce.

Current guidelines require a password to have at least eight (8) characters and to be limited to 64 characters. You should also not use repeating characters or patterns in your password, like '12121212', '4444aaaa', or 'abcdabcd'.
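
The length and repetition rules above can be checked automatically. The following Python sketch is an added example, not ITSS or NIST code. The function names and the thresholds min_run and min_span are assumptions, since the page gives no exact cutoffs for what counts as "repeating".

```python
import re

MIN_LEN, MAX_LEN = 8, 64  # length limits stated on this page


def find_patterns(password, min_run=4, min_span=6):
    """Return reasons the password looks repetitive.

    min_run: same character this many times in a row (assumed threshold).
    min_span: total length a repeated block must cover (assumed threshold).
    """
    findings = []
    # One character repeated back to back, e.g. '4444' or 'aaaa'.
    for m in re.finditer(r"(.)\1{%d,}" % (min_run - 1), password):
        findings.append(f"run of {m.group(1)!r} x{len(m.group(0))}")
    # A block of 2+ characters repeated back to back, e.g. '1212' or 'abcdabcd'.
    for m in re.finditer(r"(.{2,}?)\1+", password):
        block, span = m.group(1), m.group(0)
        # Blocks made of a single character are already reported as runs.
        if len(span) >= min_span and len(set(block)) > 1:
            findings.append(f"repeated block {block!r}")
    return findings


def check_password(password):
    """Return a list of problems; an empty list means the rules are met."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(password) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    return problems + find_patterns(password)


if __name__ == "__main__":
    # Samples: the three patterns and one example password quoted on this
    # page, plus a constructed short value.
    for sample in ["12121212", "4444aaaa", "abcdabcd", "B@nkC@mera", "abc12"]:
        result = check_password(sample)
        print(f"{sample:12} {'OK' if not result else '; '.join(result)}")
```

A check like this only catches the mechanical patterns named above; it says nothing about whether a password is a common word or has been reused elsewhere.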

Combining and Altering Words

A user can combine three or more unrelated words and change some of the letters to numbers or special characters.

Words                    Password
"bank" and "camera"      B@nkC@mera
"mail" and "phone"       m4!lPh0N3

You can also just choose 4 words that have meaning to you and use those as your password. The more characters your password has, the harder it is to guess.


Mnemonic Method

A user selects a phrase and extracts a letter of each word in the phrase (e.g., the first letter or second letter of each word), adding numbers or special characters or both.

Phrase                                                   Password
Please be my best valentine!                             Pbmybval!
This is the worst car I have ever driven in my LIFE!     TitwcIhedimLIFE!
I am definitely your #1 fan                              Iady#1phan

Although a mnemonic password is generally stronger than a dictionary password—for example, “Pbmbval!” would be much stronger than “valentine”—many mnemonic passwords are still susceptible to attacks.

Users that create mnemonic passwords should either avoid using common phrases, making up their own phrases instead, or should make significant unexpected changes to the passwords, such as changing capitalization and punctuation and spelling out one or more of the words.