Passwords should be hard for somebody else to guess but easy to remember. A good rule is to make sure that somebody who knows you well couldn't guess your password in 20 attempts. Whilst you need a secure password, you also need to remember it without having to write it down somewhere.
1. Three Random Words
As such, a useful and effective method is to use three random words.
Three well-chosen random words can be quite memorable but not easy to guess, providing a good compromise between protection and usability. A service provider (including the University of Cumbria) may also require you to include at least one uppercase letter (ABC), add in a numeric character (0123456789) and/or a non-alphanumeric character (!#$@?~).
Even if it is not required, adding in these additional characters will make your password more secure. These should be used randomly and not for simple letter/number substitution.
Good example: ForestCheeseShell@
Excellent example: Party(Wombat7Postcard%
Poor example: Liv3rpoolFoot8allC1ub
Awful example: oldtraffordfootball
Please note: DO NOT use the characters “, £, & and + in your university password, as this will affect your ability to sign in to the online print payment system.
2. Choosing a secure and memorable password
When generating such a password, avoid using personal information, a single dictionary word and predictable keyboard sequences such as 'Qwerty123' or 'Zxcvbnm123'. In addition, ensure the password is unique. Do not use the same password with multiple accounts. This way, if one of your personal accounts is compromised, the attacker will not be able to breach any of your other accounts, including your university network account.
The UK National Cyber Security Centre (NCSC) has some useful advice on how to choose a non-predictable password.
3. Password length
Length matters! Although many services require a minimum length of 8 characters for a password, using 16 characters is not twice as secure - it is millions of times harder to guess.
Cyber security experts say that 8 "letter" passwords can be hacked in minutes, but that 12 to 16 characters satisfy most security requirements and can take years for a computer to guess.
4. Personal as well as University
This advice should be applied to any of your personal online services as well as your University network user account. For student network user accounts there are some fundamental policies that are enforced which must be adhered to when selecting a password. Failure to do so will result in your new password not being accepted. These are as follows:
- Minimum of 8 characters in length
- Combination of uppercase, lowercase (and non-alphanumeric characters if desired though these should be used randomly and not for simple letter/number substitution)
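The three random words method from section 1, combined with the student account rules listed above, can be written as a short generator and check. This is an added example, not a University tool; the word list is a constructed sample, and the function names and the extra quote marks in `FORBIDDEN` are assumptions.

```python
import math
import secrets

# Constructed sample list so the example runs offline. A real generator needs
# a list of several thousand words; 16 words give almost no protection.
SAMPLE_WORDS = ["anchor", "biscuit", "candle", "dolphin", "ember", "fiddle",
                "glacier", "hammock", "igloo", "jigsaw", "kettle", "lantern",
                "marble", "nutmeg", "orchid", "pebble"]
DIGITS = "0123456789"
SYMBOLS = "!#$@?~"  # the non-alphanumeric characters the page lists
# Characters the page says to avoid; the straight and closing quote marks are
# an assumption, since the page shows only the opening curly quote.
FORBIDDEN = set('"“”£&+')

def generate(words=SAMPLE_WORDS):
    """Three capitalised random words with one digit and one symbol placed
    at random word boundaries (not used as letter substitutions)."""
    parts = [secrets.choice(words).capitalize() for _ in range(3)]
    for extra in (secrets.choice(DIGITS), secrets.choice(SYMBOLS)):
        parts.insert(secrets.randbelow(len(parts) + 1), extra)
    return "".join(parts)

def meets_policy(password):
    """The rules stated on the page: at least 8 characters, upper and lower
    case letters, none of the characters that break print payment sign-in."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and not FORBIDDEN & set(password))

def entropy_bits(wordlist_size):
    """Bits of randomness in generate(): three word picks, one digit, one
    symbol, and 4 * 5 = 20 ways to place the two extras."""
    choices = wordlist_size ** 3 * len(DIGITS) * len(SYMBOLS) * 20
    return math.log2(choices)

if __name__ == "__main__":
    pw = generate()
    print(pw, meets_policy(pw))
    for size in (len(SAMPLE_WORDS), 2048, 8192):
        print(f"{size:>5}-word list: {entropy_bits(size):.1f} bits")
```

The bit counts only hold when the words are picked by the random generator; words a person chooses for themselves are far more predictable.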
5. Test your password(s)
The Bitwarden website will allow you to test your potential passwords for security. The service is free and secure - they don't store any information that you type into the box. Try a few combinations and don't stop until you manage to get "Your password score: Strong".
bitwarden: Password Strength Testing Tool