Passwords help to keep your work and personal details safe by preventing others from accessing your accounts or computer. So for obvious reasons you shouldn’t share your passwords with anyone. You are responsible for following good security practices in the selection, use and care of any passwords.
Strong passwords, with random characters are more secure, as they make it more difficult for someone to guess them.
Creating a strong password
There are a number of pages on the internet which will create a random password for you, such as Strong password generator. As you can see this page creates passwords which are random and secure, but are not at all memorable.
So here are some tips for making your own strong passwords.
Make a sentence your password – Recommended by Bruce Schneier, Security expert.
- Choose one or two lines from a poem or song and use the first letter of each word. For example 'Always look on the bright side of life' becomes 'alotbsol'.
- Passwords are case sensitive, so using the same example, the passwords 'alotbsol', 'AlotbsoL' and 'aLotBsol' are all different. You can increase your security further by using mixed-case passwords.
- Replace letters with numbers or characters. For example 'Alotbsol' becomes 'A10tbs01' where the letter ‘l’ has been replaced with the digit ‘1’ and the letter ‘o’ has been replaced with the digit ‘0’.
The Random Word Method – Recommended by GCHQ (Government Security Agency)
- Choose three or four random words that are easy to remember and spell, for example 'wizard flint computer'.
- Use the first three letters of each word to construct the first part of your password, so 'wizard flint computer' becomes 'wizflicom'
- Then add in upper case letters and numbers to the start, middle or end to complete your password, 'wizflicom' becomes 'Wiz7fLi9Com2'.
Make sure that you create a password that you'll remember, but that other people are unlikely to guess.
Things not to use in your password
Passwords should not be based on the following:
- Months of the year, days of the week or any aspect of dates with which you are personally associated (eg anniversaries, birthdays).
- Family names, initials or car registration numbers.
- Organisation names, identifiers or references.
- Proper dictionary words.
- Telephone numbers or similar all-numeric groups.
- User id, user name, group id or other system identifier or job-related title (eg scientific, registry etc).
- Any other guessable personal characteristic (eg address, nickname, favourite sports team, etc).
- More than two consecutive identical characters.
Log out when away from the computer
Always log out if you're going to be away from your computer. This will help keep your personal details and work secure.
Note that the PCs in our computer rooms are set to log you out after 15 minutes of inactivity. Any files you've temporarily saved to the desktop will be deleted when you are logged out.