News & Alerts


My password is ‘Password’

January 6, 2017
Spotlight on Safe Computing

Password. Password1234. Your lucky number. Your mom’s name. Your dog’s birthday. The street where you grew up. The model of your first car.

All of these things seem easy to remember, and that’s a good thing in a password, right? Nobody likes to get locked out of an account because you can’t remember whatever tough password you set up when you signed up for Facebook six years ago.

However, easy-to-remember also means easy to guess. Having a transparent password or repeating passwords across accounts leaves you vulnerable to hacking or identity theft and can expose University data and resources to cyber criminals.

Passwords are like vacations - the longer, the better!

A password or passphrase can include letters, numbers, and special characters. Passphrases are phrases and are sometimes from a favorite song lyric or quote. A strong password or passphrase uses a combination of length and character types. The more characters your password or passphrase has, the harder it is to break. With today's computing power, passwords or phrases should be at least 16 characters.

To create a strong password, include at least two of the following types of characters, adding up to 16 total:

  • Uppercase alphabetic characters (e.g., A-Z)
  • Lowercase alphabetic characters (e.g. a-z)

  • Numbers
  • Special characters (e.g. ~ ! @ # $ % ^ & _ *)

When creating a password or phrase, steer clear of:

  • Numbers added to the beginning or end of a word
  • Personal information (such as your User ID, family or pet names, or birthdays)
  • Common keyboard patterns (qwerty)
  • Duplicate characters (e.g. aabbccdd)

Examples of a strong password and passphrase (remember, do not use the examples below!):

a!Phab3T50UpS (The words ‘alphabet soups’ spelled out with other characters)
Superman is $uper str0ng!

What do I need to remember about passwords?

Passwords are the key to all of our digital accounts. It is important to use caution when setting up accounts, and pay attention to which accounts are for personal, school, or work purposes, and which accounts or applications are connected or accessible via a single sign on (for example, after you log into Gmail, you can automatically access Google Calendar). For security purposes, don’t reuse passwords across accounts and don’t use your browser’s “remember password” feature, especially if you are on a public device or connection.

Do not share your passwords with anyone. Remember, the University of Minnesota will never ask you to share your password via phone or email. Only use your University account and password for University business. If you use your University email address and password to login in at another website (like Amazon or Facebook) or share your University password, you risk compromising the security of the University and its data.

Use two-factor authentication whenever possible. This sets an extra layer of security to your online accounts by adding another identifying piece of information in addition to your password. Learn more about two-factor authentication and Duo at the University of Minnesota and beyond.

Change your password immediately if you think your account has been compromised. You can contact Technology Help at the University of Minnesota 24/7 with questions about your digital security or University accounts at or 612-301-4357.

How can I remember all of my different passwords?

It is difficult to remember passwords for all of your different accounts - work or school email, personal email, social media sites, banking or credit institutions, online shopping sites, and on and on and on. A good way to keep your passwords secure yet accessible is to use a password manager. A password manager is a cloud-based or locally-installed tool to help you store all of your passwords securely. You only need to remember a single password or passphrase to access your manager, and then you can access each password as needed without having to remember it.

Recommended password manager applications include: Lastpass, Password Safe, 1Password, and KeePass.

Please note: Lastpass is not approved for use in health care component (HCC) areas. Use password managers like KeePass or 1Password and store the password database on a University-managed device.

What do you think are some of the most common passwords? Well, how about 123456, qwerty, password, football, 1234, welcome, 111111, or abc123? None of these are secure, right? In fact, most are easily guessable by cyber criminals, or even your siblings, significant other, or co-workers. Choosing a strong password or passphrase will set you up for security success and protect your identity and valuable data.

More Resources

Password Managers

Password Safe

Video: Lock Down Your Login Campaign

Learn how to keep your logins safe. Learn more at:

Free online training

Learn how to use Lastpass Password Manager at

Choosing a password manager

Download this SANS OUCH! newsletter to learn more about how to choose the right password manager for you.