Choose Strong Passwords and Keep Them Safe

A strong password or passphrase uses a combination of length and character types. Learn what to do and not to do to keep it safe. For extra protection, use two-factor authentication where available.

Challenge

Many tools exist to guess your weak password or steal your password.

An unauthorized person can use these passwords to access files and data, including your personal information (e.g., bank, benefits, health, financial aid), email, academic work, or University private data (e.g., student grades, birth dates, protected health information, proprietary research). They can also send malicious emails impersonating you.

So what makes a strong password, passphrase, or PIN, and how can you protect it?

Solutions

Choose a Strong Password, Passphrase, or PIN

A password or passphrase can include letters, numbers, special characters (including spaces). Passphrases are words strung together into a phrase. A strong password uses a combination of length and character types, while a strong passphrase uses length and uniqueness of the words.

For mobile devices, use a complex password/passphrase, complexly drawn pattern, or fingerprint instead of a simple 4 digit PIN.

What to Include

Longer passwords or passphrases increase strength. Use a non-repetitive sequence of characters or words.

Learn more about how to create a secure and memorable passphrase.

Other Things to Remember

When creating a password, passphrase, or PIN:

• Avoid a number added to the beginning or end of a word.
• Avoid personal information (e.g., user ID, family or pet name, birthdate, or phone number).
• Avoid a keyboard pattern (e.g., qwerty) or duplicate characters (e.g., aabbccdd).

Keep Your Passwords, Passphrases and PINs Safe

Follow the good practices below.

Do

• Protect your University of Minnesota Internet password and Duo Two-Factor Authentication access. These allow access to important University systems (e.g., MyU, UMN Google mail/apps, and PeopleSoft).
• Use your University Internet ID and password for University accounts only.
• Use a unique ID and unique password for your personal accounts (e.g., your bank, personal email, and social media accounts).
• Use your Duo access wherever available when accessing University systems or data.
• Change your passwords or passphrases periodically or if you suspect someone else knows it.
• Report suspected misuse of University of Minnesota Internet password and Duo access to University Information Security at [email protected].
• Store hints about passwords or passphrases, rather than the password or passphrase itself, in a secure location (e.g., wallet, locked file, or password manager).
• Use a password manager application with strong encryption. Learn more about the good practice to use a password manager.
• Completely close all applications you use on public computers when you leave and lock the screen of your personal device when it is unattended.

Do Not

• DO NOT share your University of Minnesota Internet password and Duo Two-Factor Authentication access with anyone. Watch for phishing scams that try to trick you into sharing your ID and password via email or web forms.
• DO NOT store your passwords in an unencrypted format (e.g., document, Wordpad, notepad, or email).
• DO NOT use “save my password” or “remember my password” features.
• DO NOT reuse a password or passphrase or change only one character.
• DO NOT use the same password or passphrase for multiple accounts (e.g., your email and bank accounts).