A guide to good passwords

If you're thinking of resetting your password, now is the right time to think about what makes a password strong.

Let's start with the basics. Your school password must be..

.. Strong

Use this guide and/or contact IT to determine a strong password.

.. Unique.

Not used anywhere else, nor any variant of it.

.. Only known by you.

Do not share with family or friends.

.. Reset when appropriate.

If you think somebody knows your password or you're worried it's not strong enough, have your password reset.

A good password is unique.

As you know, websites regularly get hacked and customer information, often including passwords, is exposed to the world.

Using the same password across multiple websites (or even a variant of it, eg. MyStrongSentence1, MyStrongSentence2) means it only takes one website to be compromised to affect all of your other accounts.

A good password is easy enough to remember, but too hard to guess.

Often we create a problem for ourselves by choosing a password that is too complex to comfortably type and/or remember, but not necessarily strong against a computer to crack or even for another human to guess.

For example, the password BlueMountains (which is not a strong password) takes 1 minute for a modern computer to crack. Blu3M0unt41n$ is more complex, but still only takes 15 minutes to crack, so barely worth the effort.

On the other hand, Ye West Indigo Hills:) would take 586,167,740 centuries to crack, and it's a hoot.

Think 'passphrase', not 'password'

By definition, a password is just a secret word. But a computer could crack a password in seconds!

Instead, think of a phrase, like a short sentence or a collection of random words. Phrases are still easy for you to remember, but much stronger.

For more information, or to generate a passphrase, check out this great website:

Avoiding Password Fatigue

Password fatigue is the overwhelming stress and exhaustion that results from having too many passwords, and/or having to change them too frequently. Good security doesn't have to be this way.

Let a password manager do the remembering!

Password managers protect all your passwords (and sometimes other secrets like credit cards or secure notes) using one master password. 

Google Chrome has a built-in password manager, but if you're serious about security we recommend trying out a dedicated password manager like Bitwarden or 1Password.

Setup PIN or touch authentication

For your primary work device, it is acceptable to setup your fingerprint or a PIN (depending on the device's capabilities) to quickly login and approve sensitive tasks. This way you won't have to enter your password all the time.

Ready to choose a new password? Contact IT for assistance.

Check out our password policy below.