The University of Texas at Austin

Security Awareness

ARCHIVED ARTICLE

This article has been retired from circulation and is no longer being updated or maintained. The information contained in this article may be inaccurate and outdated. Please refer to our articles page for a list of current topics.

Password Dos and Don'ts

Get useful tips on creating and maintaining a strong password.

While it’s a necessity to protect your computer through anti-virus software, firewalls and regular updates, all of these safeguards are useless if you don’t also create and use strong passwords. Without a strong password, your personal information, research, finances or anything else on your computer can be easily compromised.

Use these dos and don’ts for creating strong passwords that will protect your computer and your accounts.

Do:

  • Do: Use BOTH upper- and lower-case letters.
  • Do: Use numbers and punctuation marks. The more randomly you place them in your password, the better.
  • Do: Make your password between 8 and 20 characters long. The longer and more complex it is, the harder it is to crack.
  • Do: Use at least one of these special characters: ! @ # $ % * ( ) - + = , < > : : “ ‘ .
  • Do: Make your password easy to remember, so you won’t have to write it down. You need it to be easy for you to remember, but hard for anyone else to guess.
  • Do: Create different passwords for different accounts and applications.
  • Do: Change your passwords regularly, about every 6 months. To change your UT EID password, go to the UT EID Self-Service Tools Web site and select Change My Password.
  • Do: Keep them to yourself. Avoid giving out your password to others. Once it’s out of your control, so is your security.
  • Do: Consider using a phrase or a song title as a password. This may help you to easily remember your password. For example, “Somewhere Over the Rainbow” becomes “Sw0tR8nBO” or “Smells Like Teen Spirit” becomes “sMll10nspT.”
  • Do: Use a completely unique password for your university accounts. When you do this, you take an extra step to protect the university computer systems, and all your fellow Longhorns connected to the campus network.
  • Do: Make your password easy to type quickly. This will make it harder for someone looking over your shoulder to steal it.

Don’t:

  • Don’t: Use the same password for different accounts or applications. If one account is breached, the others will be at risk as well.
  • Don’t: Use your UT Austin password for online shopping sites or free e-mail accounts (Hotmail, Yahoo!, Gmail).
  • Don’t: Create a password using your user name in any form (reversed, capitalized or doubled).
  • Don’t: Use your name, Social Security number or any other personal information that could identify you. This means pet names, girlfriend/boyfriend names, birth dates, phone numbers, license plates, car models or addresses.
  • Don’t: Use any word found in a dictionary longer than three letters. Hackers use automated programs that crack passwords by scanning for any word found in a dictionary. This includes any word spelled backwards.
  • Don’t: Use numbers in place of letters. For example, “Password” becomes “Pa55w0rd.” Dictionary programs are also equipped to combat this technique.
  • Don’t: Create a password of keys next to one another on the keyboard (asdfghjkl) or all one letter or number (aaaaaaaa or 444444444).
  • Don’t: Use dates to create a password (for example, AUguST2001).
  • Don’t: Re-use any of your last 10 passwords.
  • Don’t: Share your password with others.
  • Don’t: Write them down and store them near your computer. It’s like a key under a welcome mat. It’s the first place someone might look.
  • Don’t: Provide your password—or any of your sensitive or confidential information—over e-mail or instant message. Think of an e-mail message or IM like a postcard. The information can be seen while it’s traversing the Internet. Also, once you send an e-mail, you no longer control the information in it. It can be forwarded to other people without your knowledge or consent.
  • Don’t: Enable the “Save Password” option if prompted to do so. Pre-saved passwords will make it easy for anyone else using your computer to access your accounts.
  • Don’t: Walk away from a shared computer without logging off. Logging off ensures no other users can access your accounts.
  • Don’t: Use sample passwords given on different Web sites, including this one.
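
The composition rules in the two lists above can be checked mechanically. The following Python checker is an added example, not part of the original article or any UT Austin tool; the small wordlist, the substitution table, the four-key threshold for keyboard runs and all function names are assumptions made for illustration.

```python
# Special characters listed in the article (typographic quotes written as ASCII).
SPECIALS = set("!@#$%*()-+=,<>:\"'.")
# Constructed stand-in wordlist; a real check would load a full dictionary file.
WORDLIST = {"password", "rainbow", "spirit", "august", "dragon", "texas"}
# Number/symbol-for-letter swaps that dictionary programs undo (assumed mapping).
LEET = str.maketrans("01345$@7", "oleassat")
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False

def dictionary_hit(pw):
    """Return a listed word (over three letters) found forwards or backwards, else None."""
    low = pw.lower()
    forms = {low, low.translate(LEET)}      # as typed, and with swaps undone
    forms |= {f[::-1] for f in forms}       # and each of those spelled backwards
    for word in sorted(WORDLIST):
        if len(word) > 3 and any(word in f for f in forms):
            return word
    return None

def check_password(pw, username):
    """Return the list of article rules that pw breaks (empty list means it passes)."""
    problems = []
    if not 8 <= len(pw) <= 20:
        problems.append("length not 8-20")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs upper and lower case")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a number")
    if not any(c in SPECIALS for c in pw):
        problems.append("needs a special character")
    user = username.lower()
    if user and (user in pw.lower() or user[::-1] in pw.lower()):
        problems.append("contains user name")   # also catches capitalized or doubled
    if len(set(pw)) == 1:
        problems.append("all one character")
    if has_keyboard_run(pw):
        problems.append("keyboard run")
    word = dictionary_hit(pw)
    if word:
        problems.append("dictionary word: " + word)
    return problems
```

Run against the article's own counter-examples, `check_password("Pa55w0rd", "jdoe")` reports both the missing special character and the dictionary word hidden behind the number substitutions.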