Password Tips | SecureIT | Kent State University

Password Tips

  • Create a strong password that: 
    • Is at least 8 characters long
    • Does not contain your user name or real name
    • Does not contain a complete dictionary word
    • Does not contain personal information, such as birthdates, names of family members or pets
    • Is significantly different than previous passwords
    • Contains uppercase letters, lowercase letters, numerals, and symbols
  • Change your passwords often - Changing your password often limits how long a compromised password can be useful. If your password is compromised and you are unaware of the unauthorized access, hackers can access your account until your next password change. Change your password immediately if you think it may have been compromised and notify
  • Use a Password Phrase - Having a password phrase makes it easier for you to remember your password without making it easier for somebody to guess or hack. 
  • Unique Account, Unique Password - Have a unique password for each account. This way, if someone gets one of your passwords, they won't have access to all of your accounts.
  • Check for a Secure Connection - Don't log into important accounts (such as online banking or email) when you are not on a secure connection. Places that offer free wifi often aren't secured, which means that other people can be watching your traffic and grabbing your password. Check that your websites are secured with HTTPS and wifi connections are secured with WPA2. If no secure networks are available to you, consider using Kent State's Virtual Private Network (VPN)
  • Beware of Keyloggers - malicious software known as Keyloggers can steal your password.
  • Don't Share Your Password - You are responsible for what happens under your username and password. For more information see Kent State's policy
  • Do Not Write Your Passwords Down - If you have trouble remembering your passwords, look into password managers such as LastPass or 1Password
  • Beware of Phishing Attempts - Do not reply to emails that ask you to submit your password