Picking Strong Passwords and Passphrases

At Brandeis we support the use of both passwords and passphrases. A password is shorter (a minimum of 10 and usually no more than 14 characters) and has at least one digit, lower and upper case letters, and a special character such as an exclamation mark.

A passphrase is much longer but generally much easier to remember. A passphrase is a simple sentence made up of ordinary words, some of which should be capitalized, separated by a space. A passphrase is required to be at least 15 characters long and at most 30 characters.

To create a strong password, make sure it:

  • Is 10 or more characters in length
  • Uses at least 1 upper and 1 lower case letter (a-z and A-Z)
  • Includes at least 1 number (0-9)
  • Includes at least one symbol ( !@#$% )
  • Doesn’t use dictionary words or long strings of adjacent characters on the keyboard, e.g., asdfg

It’s safer and easier to use a good passphrase:

Password/Passphrase                    Strength

ros3bud99                              Weak – hacked in seconds
rosebud was the sled                   Medium – hacked in years
Rosebud Was The Sled                   Strong
Rage against the dying of the light    Spectacular
Borges Nabokov Durrell                 Strong

(Note – do not use these particular examples, they’re not permitted!)

In short: if you’re going to change your password, change it to a passphrase. Select 4-6 unrelated words you’ll easily remember, separate them by a space and capitalize a few of them. Feel free to throw in a symbol here and there just to be sure. When you change your Brandeis password or phrase, a small window will pop up telling you how resistant what you’ve typed is to guessing or hacking.
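The rules above can be checked mechanically. The following Python sketch is an added example, not the checker Brandeis runs. Its function names, the 5-key threshold for a keyboard run, the use of ASCII punctuation as "symbols", and the requirement of at least two words are assumptions, and the dictionary-word rule is not checked because that needs a word list.

```python
import re
import string

# Keyboard rows used to spot runs such as "asdfg" (last rule in the list above).
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
RUN_LENGTH = 5  # assumption: the page's own example "asdfg" is 5 keys long


def has_keyboard_run(text, run=RUN_LENGTH):
    """True if text holds `run` adjacent keys of one row, in either direction."""
    lowered = text.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False


def check_password(pw):
    """Return the password rules that `pw` breaks (empty list means it passes)."""
    problems = []
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lower case letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no upper case letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbol")
    if has_keyboard_run(pw):
        problems.append("keyboard run")
    return problems


def check_passphrase(phrase):
    """Return the passphrase rules that `phrase` breaks (empty list means it passes)."""
    problems = []
    if not 15 <= len(phrase) <= 30:
        problems.append("length not between 15 and 30")
    words = phrase.split(" ")
    if len(words) < 2 or "" in words:  # assumption: a phrase needs 2+ words
        problems.append("words not separated by single spaces")
    if not any(w[:1].isupper() for w in words):
        problems.append("no capitalized word")
    return problems
```

Passing these checks only shows that a candidate meets the stated composition rules; it says nothing about how guessable the chosen words are.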

Almost every website that explains all of this includes a link to this comic that explains it all better than we can. So enjoy: http://xkcd.com/936/
