
How to Choose a Strong Password

Passwords Defined
The computer security industry defines a password as a token of identity. Generally this token is used to authenticate users to computer systems, networks and applications using a "known secret" or piece of information unique to the individual. Passwords have become a way for an individual to prove their identity in a limited capacity. While other technologies exist to decrease the rate of error (biometrics, multiple authentication levels, etc.), passwords are the most common method available.

Why Choose a Strong Password?
A computer password is the first level of defense in protecting your computer, computer files and other data.  Many attacks against computers rely on breaking weak passwords based on dictionary words, birthdates and other easily guessable information.
Passwords are generally composed of certain types of characters. The following types of characters are found on a standard US 101/104-key keyboard and are usually available to construct a password.
Type      Characters
Numeric   0123456789
Special   ~`!@#$%^&*()_+-={}|[]\:";'<>,.?/

The best way to protect your computer is by choosing a "strong" password. But how can a strong password be chosen?  Simple!

  1. Passwords should begin with an upper or lowercase alpha character.
  2. A password should be at least eight (8) characters in length. Longer passwords are encouraged as they are harder to guess or crack!
  3. Passwords should not be based on any dictionary words (any languages, slang terminology or technical terms), birthdates, passages from literature, song lyrics, computer names or your login ID.  A general rule of thumb: if the string of characters is printed anywhere in any media, it can easily be guessed.
  4. A password should contain a mix of upper and lower case alpha characters, numerals and special characters.
  5. Passwords should not be shared between systems.
  6. A password should be changed on a periodic basis; the frequency depends on the sensitivity of the information the password protects. A password should absolutely be changed if any disclosure is suspected or if you find you have entered it into a computer which you now suspect may have a virus.
  7. Avoid writing your passwords down, if possible. If you have too many passwords to remember and must write them down, either store them electronically in encrypted format (protected by a password that only you know) or put a piece of paper in a strongly protected place (your wallet, for example).
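
The rules that can be checked mechanically (1 through 4) are shown below as a small checker. This is an added example, not part of the original page: the function name, the five-word sample list and the substitution table are assumptions made for illustration.

```python
import string

# Special characters exactly as listed in the page's character table.
SPECIAL = set("~`!@#$%^&*()_+-={}|[]\\:\";'<>,.?/")
# Constructed sample wordlist (assumption); a real check loads a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "summer", "dragon", "depaul"}
# Undo common character substitutions before the dictionary comparison.
UNLEET = str.maketrans("0134578@$!", "oieastbasi")


def check_password(password, login_id, words=SAMPLE_WORDS):
    """Return the rules (1-4 from the list above) that `password` violates."""
    problems = []
    if not password or password[0] not in string.ascii_letters:
        problems.append("rule 1: must begin with an alpha character")
    if len(password) < 8:
        problems.append("rule 2: shorter than 8 characters")

    # Rule 3: compare case-insensitively, with and without substitutions undone,
    # so "P@ssw0rd" is still recognised as "password".
    lowered = password.lower()
    candidates = (lowered, lowered.translate(UNLEET))
    banned = {w.lower() for w in words}
    if login_id:
        banned.add(login_id.lower())
    hits = sorted(w for w in banned if any(w in c for c in candidates))
    if hits:
        problems.append("rule 3: based on guessable text: " + ", ".join(hits))

    # Rule 4: all four character classes must be present.
    classes = {
        "uppercase": any(c in string.ascii_uppercase for c in password),
        "lowercase": any(c in string.ascii_lowercase for c in password),
        "numeric": any(c in string.digits for c in password),
        "special": any(c in SPECIAL for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("rule 4: missing " + ", ".join(missing))
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd!", "9Lives#x", "tG7#qLw2!Rz"):  # constructed samples
        print(pw, "->", check_password(pw, "jsmith") or "passes rules 1-4")
```

With a full dictionary in place of the sample list, very short words should be excluded so that ordinary letter pairs do not trigger rule 3.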

These short rules will get you started on choosing a strong password. Always remember that passwords should be fluently typed to guard against "shoulder surfers" who try to gain access by watching your fingers on the keyboard. Note: It's not rude to ask a person to look away from the keyboard while you authenticate to a system!

Security Requires Inspiration