Passwords | BYU Information Security Skip to main content
Information Security

Passwords

slideNumber:

Do's and Dont's

Essential standards include:

  • Passwords must be at least 15 characters long
  • Include at least two of these:
    • uppercase letter
    • lowercase letter
    • number
    • symbol
  • Do not use previous passwords, BYU NetID, or NetID password reset answers
  • Finally, passwords must be different than passwords used elsewhere

More...

  • Do not share your passwords with anyone, including coworkers, students, assistants, or family members.
  • Use Multifactor Authentication, and do not accept any authentication prompts you haven't initiated
  • Always report suspicious activity to the CES Security Operations Center at 801-422-7788

Visit the IT Standards Site

Strength = Variety x Length

If your password gets stolen in an encrypted form (often in significant breaches), your best chance at avoiding decryption is having a long password. Every extra character in a password exponentially increases the time a hacker will take to decrypt it.

Pro Hint: Use Pass Phrases

A passphrase is a series of words, including spaces if desired, that can be used instead of a single pass "word." Passphrases are easier to remember than complex passwords. Passphrases should be at least 16 characters (spaces count as characters). Longer is better because, though pass phrases look simple, the increased length provides so many possible permutations that a standard password-cracking program will not be effective. Disguising simplicity by throwing in elements of weirdness, nonsense, or randomness will help make it more secure. For example:

pizza Home cosmic spaniels
foggy tooth jazz pants

Adding punctuation and capitalization to your phrase, adding a few numbers or symbols from the top row of the keyboard, and using deliberately misspelled words will create an almost unguessable password. For example:

Pizza Home Cosmic Spaniels?
P1zza 4 Hom3 Cosmik Spanielz!

Foggy Tooth Jazz Pants!
Fogggy Toooth J4zz P@nts?

Password Managers

Password managers are third-party applications that encrypt and store passwords for you—either ones you've made or auto-generated passwords that are highly hacker-resistant. You only need to remember one password to access the others your password manager keeps—but follow the tips on this page to make it a strong one, just in case!

Popular password managers include LastPass, Dashlane, KeePass, Bitwarden, or 1Password. Always research before choosing a password manager.

Watch A Password Video