Passwords | BYU Information Security Skip to main content
Office of Information Technology
Cybersafe

Passwords

A strong password is your first line of defense against hacking. On the other hand, a weak password makes your private data extremely vulnerable. Here's what we recommend to ensure your safety on all your personal accounts:

Do's and Dont's

A few basic rules always apply to all kinds of passwords.

  • Aim for length - about 16-20 characters.
  • Include numbers, symbols, uppercase and lowercase letters.
  • Make a long, memorable phrase with several words.
  • Use a different password for each website or service you use. This is especially crucial with your accounts for school, finances, and the government.
  • Save passwords in a password manager.
  • Don't recycle passwords.
  • Don't use personally identifying information (nicknames, birthdays, anniversaries, addresses, etc.).
  • Don't use keyboard patterns like qwertyuiop or 1234.
  • Don't keep passwords written down in an unsecured place.

Strength = Variety x Length

The shorter you make your passwords, the more complex they need to be to resist a brute-force hacking attempt. In fact, passwords shorter than eight characters aren't safe at all, no matter the situation. Use the guidelines below to help you decide how much variety (symbols, letters, and mixed-case letters) you need in your passwords.

# OF CHARACTERSTYPES OF CHARACTERS NEEDED TO KEEP THE PASSWORD STRONGEXAMPLE
8-11Use symbols, mixed-case letters, and numbersC0ug@rZ47
12-15Use mixed-case letters and numbersCouGar1847CooL
16-19Use mixed-case lettersCouGarCooLestCast
20+Use whatever you wantcougarcoolestcatsnack

Using a Pass Phrase

A passphrase is basically a series of words, including the use of spaces if desired, that can be used instead of a single pass "word." Passphrases are easier to remember than complex passwords. Passphrases should be at least 16 characters in length (spaces count as characters). Longer is better because, though pass phrases look simple, the increased length provides so many possible permutations that a standard password-cracking program will not be effective. Disguising simplicity by throwing in elements of weirdness, nonsense, or randomness, will help make it more secure. For example:

pizza home cosmic spaniels

foggy tooth jazz pants

Adding punctuation and capitalization to your phrase and adding in a few numbers or symbols from the top row of the keyboard, plus using some deliberately misspelled words will create an almost unguessable password. For example:

Pizza Home Cosmic Spaniels?

P1zza 4 Hom3 Cosmik Spanielz!

Foggy Tooth Jazz Pants!

Fogggy Toooth J4zz P@nts?

Password Managers

Password managers are third-party applications that encrypt and store passwords for you—either ones you've made, or auto-generated passwords that are highly hacker-resistant. You only need to remember one password to access the others your password manager keeps—but follow the tips on this page to make it a strong one, just in case!

Popular password managers include LastPass, Keeper, Sticky Password, and Dashlane. Always do your research before choosing a password manager.