Passwords should be hard for somebody else to guess but easy to remember. A good rule is 'make sure that somebody who knows you well, couldn't guess your password in 20 attempts'. As such, a useful and effective method is to use three random words.
Three well-chosen random words can be quite memorable but not easy to guess providing a good compromise between protection and usability. Why not add in a non-alphanumeric character (!#$@?~) as well to further strengthen the password though these should be used randomly and not for simple letter/number substitution.
Good example: ForestCheeseShell@
Poor example: Liv3rpoolFoot8allC1ub
1. Choosing a secure and memorable password
When generating such a password avoid using personal information, a single dictionary word and predictable keyboard sequences such as 'Qwerty123' or 'Zxcvbnm123'. In addition, Ensure the password is unique. Do not use the same password with multiple accounts. This way, if one of your personal accounts are compromised, the attacker will not be able to breach any other of your accounts. including your university network account.
The UK National Cyber Security Centre (NCSC) has some useful advice on how to choose a non-predictable password.
2. Personal as well as University
This advice should be applied to any of your personal online services as well as your University network user account. For student network user accounts there are some fundamental policies that are enforced which must be adhered to when selecting a password. Failure to do so will result in your new password not being accepted. These are as follows:
- Minimum of 8 characters in length
- No requirement to change passwords
- Combination of uppercase, lowercase (and non-alphanumeric characters if desired though these should be used randomly and not for simple letter/number substitution)