A guide to good passwords

If you're thinking of resetting your password, now is the right time to think about what makes a password strong.

Let's start with the basics. Your school password must be..

.. Strong

Use this guide or contact IT to help you determine a strong password.

.. Unique.

It must not be used anywhere else, nor a variation of it.

.. Only known by you.

Never share your password with family or friends.

.. Reset when appropriate.

If you think somebody knows your password or you're worried it's not strong enough, have your password reset.

A good password is unique.

As you know, websites regularly get hacked and customer information, (often including passwords) is exposed to the world.

Using the same password across multiple websites (or even a variant of it, eg. MyStrongSentence1, MyStrongSentence2) means it only takes one website to be compromised, and all your other accounts become exposed too.

A good password should be easy to remember, but too hard to guess.

Often we create a problem for ourselves by choosing a password that is too complex to comfortably type and/or remember, but not necessarily strong against a computer to crack or even for another human to guess.

For example, the password BlueMountains (which is not a strong password) takes 1 minute for a modern computer to crack. Blu3M0unt41n$ is more complex, but still only takes 15 minutes to crack, so it's barely worth the effort.

On the other hand, Ye West Indigo Hills:) would take 586,167,740 centuries to crack, and it's a hoot!

Think 'passphrase', not 'password'

By definition, a password is just a secret word. But a computer could crack a password in seconds!

Instead, think of a phrase, like a short sentence or a collection of random words. Phrases are still easy for you to remember, but much stronger.

For more information, or to generate a passphrase, check out this great website:

Avoiding Password Fatigue

Password fatigue is the overwhelming stress and exhaustion that results from having too many passwords, and/or having to change them too frequently. Good security doesn't have to be this way.

Let a password manager do the remembering!

Password managers protect all your passwords (and sometimes other secrets like credit cards or secure notes) using a single, extra-strong master password. 

Google Chrome has a built-in password manager, but if you're serious about security you might like to try out a dedicated password manager such as Bitwarden or 1Password.

Setup PIN or touch authentication

For your school device, it is acceptable to setup your fingerprint or a PIN (depending on the device's capabilities) to quickly login and approve sensitive tasks. This way you won't have to enter your password all the time.

Ready to choose a new password? Click here or contact IT for assistance.

Check out our password policy below.