Password Best Practices

Strength

  • The stronger the password the harder it is to crack (discoverd by a computer program). Nearly all passwords can be cracked given sufficient time. The more the characters and different types of characters that is used the longer it takes to crack; weak passwords can be cracked in a matter of seconds. We recommend using at least three or four types of characters: upper case, lower case, numbers, or special characters. For compatibility with some BYU-Idaho systems, consider avoiding the following characters: ? :  ; / \ { } and space. Be creative but make it so you can remember.

Password Phrase

  • Phrase passwords are a great way to increase the complexity of your password and also easier to remember.  This approach uses the first letter of each word from an easy-to-remember sentence or phrase.  Some examples are: "When I was 16 dad bought me a car!" becomes "Wiw16dbmac!" and "I like to eat tacos on Fridays" becomes "iltetof"  By adding numbers, special characters, upper case and lower case letters you increase the complexity of your password to be "Itet0F01".

Length

  • The longer the password the longer it takes to crack. BYU-Idaho will be upgrading the length requirement from 8 characters to 10. These longer passwords prevent passwords from being cracked in any resonable amount of time.

Sharing

  • Never share your password with anyone. If you share our passwords with other people then that gives that person the right to do things in your name. By sharing your password you put your reputation in the hands of another, and in some cases you may be held responsible for their actions. Remember never share your password.

Not Dictionary Words

  • One of the ways that hackers try to crack your password is use a dictionary attack. It takes very little time for a computer to match your password with one in a dictionary. Try to avoid using words in your password use a password phrase approach.

Never Re-use password

  • We strongly recommend you refrain from using any previous password. It is also suggested that you don't use a password that is the same that you use elsewhere, especially passwords that are already used for more secure accounts, or a password that you may use on a site that is less trustworthy. If ever the password for one account is discovered, other accounts which use the password become vulnerable.

 

Microsoft's Security and Passwords Suggestions

Microsoft's Password Strength meter