Skip to main content

Information Security

Cyber Awareness Items

Password Advice

Tips about passwords that can help you protect your information.

Passwords are often the first (and possibly only) defense against intrusion. They protect personal information—information we don’t want anyone to know. In our personal lives, this means financial information, health data, and private documents. At SCU, your password may protect student data, employee data, financial data, research data, or other data that could damage the university if your account was breached.

Password Common Sense:

  • Password Length: Password length is the most important ingredient to creating strong passwords. The longer the better–we recommend using at least 16 characters.
  • Unique passwords: Don't reuse passwords between multiple accounts. Create a new password for each new account, and don't share elements between them (such as adding your birth or graduation year to every password)
  • Password Managers: Use a password manager to keep all your passwords safe! We recommend 1Password or KeePass. Check out their free trials and choose one that suits you.
  • Complexity: If you do create your own password, a great option is to take 4 completely unrelated words to create a passphrase. For example, "Correct Horse Battery Staple" is hard to guess and very long. Most systems require numbers or special characters, and adding these will make an even stronger password, such as: C0rrect-Hor5e-B@ttery-Stap1e.
  • Randomness: Humans are bad at making random passwords. Use a password generator, such as built in to most password managers, which will come up with a random mix of characters. 

Don’t use the following things in your password:

  • Usernames or part of usernames
  • Personal information about yourself and/or family members. This includes the personal information that can be obtained very easily, such as birth date, graduation year, pet or child's name, school mascot, etc.
  • Sequences, consecutive alphabets, numbers or keys on the keyboard (e.g. abcde, 12345, qwerty)
  • An empty password

Other password advice:

  • Don't share your password with anyone
  • Change passwords immediately when they are compromised. If you have the slightest doubt that your password has been stolen or compromised, change it!
  • Don't use the "Remember password" option on the browser. Always say "Not Now" or "Never for this site" when the 'Remember Password' box pops up, especially if you're using a computer that does not belong to you. Some malware specifically targets passwords saved in browsers.
  • Don't use a public computer to login to sensitive websites such as banking or email.

To ensure that your information is protected, please take the time to update and strengthen your password. Remember, a password is like a lock. The stronger it is, the harder it is for someone to break in.