OK, those are the rules. But how do I keep thinking up strong passwords?
Strong passwords get away from familiar combinations of letters and numbers by cleverly employing characters in unfamiliar ways.
The strongest passwords:
- do not contain your name, your username, “Canisius,” “College,” your department, office, or unit name,
- do not include simple information about yourself, your job, or your life that could probably be found through web searches (ex. your building name or office number, children's or spouse's names, or date of birth),
- do not contain a complete word or words spelled out with letters only, like "SocketWrench," "OldShoes," "Ice_Cream," "Mikes*laptop," "Sallystablet," "myMacBook," or...(sigh)..."Password,"
- do not consist of simple keyboard patterns, such as QWERTY, or 45678,
- are significantly different from previous passwords,
- contain numbers, symbols, uppercase and lowercase letters,
- and are longer than simply eight characters.
So, for example, "SimpleCode-1" meets the official requirements. But because it contains complete words, it is not as strong as it could be.
Choose words or phrases that have special meaning to you, so you're more likely to remember them. Then, re-spell them using symbols and numbers in place of similar letters.
5!mp!eC0de* is stronger, with letters replaced by numbers and symbols.
The more characters a password has, the more secure it is. Twelve characters is a good minimum.
A longer password may seem difficult to remember, but consider a verse, phrase, or sentence you can jumble with capitalization, numbers, and symbols, or make into an acronym. It’s even better if you can include deliberate misspellings. Bear in mind that you cannot use the spacebar.
“I love my greyhound!” can be “1Luvmy_Greyh0und!”
“What Hath God Wrought?” can be (with two Vs for each W, and a zero for "o") “VVha+ha+hG0DVVr0ugh+?”
Another possibility is creating acronyms. So "Your taun-taun will freeze before you reach the first marker!" can be (with +s replacing the first two "t"s, and two "v"s for W), "Y++vvfbyrtFM!"
In this way, simple phrases, verses, or sentences that have special meaning to you can become formidable passwords.
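The checklist above can be run as a quick self-check on a candidate password. The following Python sketch is an added example, not a Canisius ITS tool; the sample word list, the four-key threshold for keyboard patterns, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = ("simple", "code", "socket", "wrench", "shoes", "cream",
                "password", "laptop", "tablet", "macbook")
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
SITE_TERMS = ("canisius", "college")  # named in the checklist above


def has_keyboard_run(lower, run=4):
    """True if `lower` holds `run` adjacent keys from one row (assumed threshold)."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):  # left-to-right and right-to-left
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lower:
                    return True
    return False


def weaknesses(password, personal_terms=(), words=SAMPLE_WORDS):
    """Return the checklist items a candidate fails (empty list = none fired)."""
    lower = password.lower()
    found = []
    for term in SITE_TERMS + tuple(t.lower() for t in personal_terms):
        if term and term in lower:
            found.append(f"contains '{term}'")
    for word in words:
        if word in lower:
            found.append(f"contains the complete word '{word}'")
    if has_keyboard_run(lower):
        found.append("contains a keyboard pattern")
    classes = {"a number": r"\d", "a symbol": r"[^A-Za-z0-9\s]",
               "an uppercase letter": r"[A-Z]", "a lowercase letter": r"[a-z]"}
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            found.append(f"missing {name}")
    if len(password) <= 8:
        found.append("not longer than eight characters")
    elif len(password) < 12:
        found.append("shorter than the suggested twelve characters")
    if " " in password:
        found.append("contains a space")
    return found


if __name__ == "__main__":
    for candidate in ("SimpleCode-1", "5!mp!eC0de*", "1Luvmy_Greyh0und!", "QWERTY45678"):
        print(candidate, "->", weaknesses(candidate) or "no checklist failures")
```

An empty result only means none of these checks fired; it is not a strength score. Pass your own name, username, and department through `personal_terms` so the first checklist items are covered.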
Your Canisius password should be different from any of your other passwords.
The password you use to access your Canisius tools and services should be different from the passwords you use for your private (non-canisius.edu) email accounts, online banking tools, shopping sites, and anywhere else you go on the web. But for your non-Canisius internet activities, the above advice is equally valid!
Do not share your passwords with anyone, or store them electronically.
Never share your Canisius password with anyone, whether they be work colleagues, fellow students, friends, or family. Canisius ITS will not ask you for your password in email or over the phone. Do not even hint at your passwords when explaining to others how you create them. (ex. "I use the make and model of my car, but I replace some letters with similar-looking numbers.")
If you must write your password(s) down, keep them on paper, somewhere very, very secure (such as a locked desk drawer). Do not write your password on desk blotters or post-it notes. Do not store passwords in word processing files, spreadsheets, or note-taking applications on your computer, tablet, or phone.
Do not let your browser (Internet Explorer, Firefox, Chrome, or Safari) remember passwords for you.