Creating Strong Passwords: Best Practices

Stronger Passwords

Your password is the first line of defense protecting your university accounts, personal information, research data, and campus digital resources. Weak or reused passwords remain one of the most common ways attackers compromise accounts.

This guide provides updated guidance, aligned with best practices for creating strong passwords and using modern tools to keep them secure.

Why Strong Passwords Matter

Attackers routinely use automated tools to guess or “crack” passwords by comparing them to massive lists of real passwords, dictionary words, names, pop-culture references, and predictable patterns. Using strong, unique passwords dramatically increases the difficulty of account compromise—even by sophisticated tools.

Password Requirements

Modern guidance focuses on length, uniqueness, and avoiding known-compromised passwords, rather than complex, hard-to-remember rules. UCM aligns with these principles.

Strong passwords should:

  • Be at least 15 characters long (longer is stronger).
  • Be unique for every account (never reuse passwords).
  • Avoid common words, phrases, or predictable patterns.
  • Not contain personal information (names, birthdays, IDs, pet names, etc.).
  • Not appear in lists of passwords known to be compromised or commonly used.

The good news:
Best practices no longer recommend forced complexity (like “must include uppercase + number + symbol”), unless required by specific systems. Length and unpredictability matter far more.

What to Avoid

To protect your university credentials:

  • Do NOT use passwords based on single dictionary words in any language.
  • Do NOT use names of family, pets, teams, buildings, or locations.
  • Do NOT use dates, anniversaries, phone numbers, street names, or IDs.
  • Do NOT use keyboard patterns like:
    • qwerty, asdf, 123456, 111111, password, etc.
  • Do NOT use passwords used for any other account (social media, banking, etc.).
  • Do NOT write down or print passwords

If a password can be guessed by someone who knows basic things about you, it’s not strong enough.

Recommended Approach: Use a Passphrase

A passphrase is a sequence of unrelated words or a memorable sentence. Passphrases are far easier to remember and significantly stronger due to their length.

Strong Passwords Examples (do NOT use these):

  • CrispTurtles drift beyond floating galaxies
  • BlueCarpetsRunSideways!
  • SilentRidge-84!MoonVector_39

Tips for a strong passphrase:

  • Choose 4–5 unrelated words.
  • Add spacing, punctuation, or capitalization that is meaningful to you.
  • Make it long, but still something you can quickly type.

Using Tools to Create and Manage Secure Passwords

Modern security tools can help maintain strong, unique passwords without needing to memorize them.

Password Managers (Recommended)

Password managers securely store and generate strong passwords. Many are free or included in your devices.

Common options:

  • LastPass
  • Bitwarden
  • 1Password
  • Apple Keychain (macOS/iOS)
  • Google Password Manager (Chrome/Android)
  • Microsoft Edge Password Manager

Benefits:

  • Automatically generates strong passwords.
  • Securely stores them across devices.
  • Alerts you if a password appears in a known data breach.
  • Eliminates the need to write passwords down.

Built-in Browser Generators

Chrome, Edge, Firefox, and Safari can automatically suggest strong passwords that meet modern guidelines.

Password Checkup Tools

These tools check if your passwords have appeared in known breaches:

  • Browser password checkup dashboards
  • “Have I Been Pwned” password check tool

Do Not Write Your Passwords Down

Avoid sticky notes, notebooks, Word documents, or unencrypted files. If you need a reminder, rely on a password manager, not paper.

Avoid Reusing Your University Password

Your university account often grants access to sensitive or privileged system, network resources, email, student information systems, payroll, and more.

Using your campus password on any external website (forums, social media, online stores) could expose university systems if that site suffers a breach.

Additional Tips for Protecting Your Password

  • Always log out when using shared systems.
  • Never share your password with anyone—including IT staff.
  • Be cautious of phishing attempts asking you to “verify” or “reset” your password.

Stronger Means Safer

A strong password should be:

  • Long (15-64 characters)
  • Unique
  • Unpredictable
  • Stored securely

Modern password managers and passphrase techniques make it easy to follow best practices without sacrificing convenience.

Protect your account and the UCM community by choosing strong, secure passwords every time.

Print Article