Create strong passwords

Armed with your passwords, criminals can get into your online accounts or profiles and steal your money, identity and more. They could even try to blackmail you. That's why you need passwords that are practically impossible to crack, and why you should never share your passwords, even with people you trust.

At a glance

  • Never give your passwords to anyone. Ever.
  • For strong passwords, use long passwords - at least 16 characters.
  • Create a different password for every account. 
  • Do not re-use any password that you previously used for any service.
  • If you've had your password stolen, change it and report it immediately.
 
AT OXFORD

University password security

Keeping your Oxford Single Sign On (SSO) and other University account passwords secure is crucial, not only to protecting your email account, but also to preventing unauthorised access to a whole host of University services and data. As a result, the University places a lot of emphasis on password security and it’s important you do your bit to keep your password safe.

Password management at Oxford

Good

Do

  • Minimum of 16 character passwords for all University accounts.
  • Pick four random words and use them as your password, e.g. CorrectHorseBatteryStaple. But please do not use this example!
  • Use a password manager like LastPass or KeePass to generate and store long, random, complex passwords.
  • If you must write down any password, keep it somewhere secure which only you can access. 

 

Don't

  • Do not use one long word, even an obscure one. Use multiple, unrelated words.
  • Do not re-use passwords. Ever.
  • Do not use something you have already used as an answer to a security question on any system.
  • Do not use passwords based on personal information that another person might be able to guess or discover online. Examples include: your college or department, names of family, friends or pets, birthdays, car registrations, holiday destinations, and many more.

 

 

 

THE BASICS

How to create a strong password

The main thing is that your password should be at least 16 characters long. Create your password by choosing four unrelated words that are memorable to you, e.g. CorrectHorseBatteryStaple. That's it! Despite the fact that many websites insist you use a mix of character types (e.g. upper case, lower case, numbers or symbols) to make your password secure, length is the easiest way to make passwords practically unbreakable.

Some systems may still require you to create a password that includes a mix of characters and has a limited character length. To meet such requirements you can adapt your four random words passwords by changing some letters or inserting some digits or symbols, e.g. Corr3ct-Hors3-B@tt3ry-St@pl3. Be aware that this will affect the memorability of your password, so we encourage you to make use of password managers such as LastPass where possible.

How to keep your passwords out of the wrong hands

There's little point having a cast-iron password that takes trillions of years for a computer to crack if you let criminals pinch it from under your nose. The three main ways passwords find their way into the wrong hands are through phishing, malware and companies who don't do enough to keep your information safe. Creating different strong passwords for every account will limit the damage if your personal details get leaked.

How to create a different password for every account

It is difficult to manage a large number of strong unique passwords for each account, so we strongly recommend using a good password management application. There is a wide variety of free and commercial password managers available, such as LastPassKeePass, Apple Keychain, or 1Password. Many have handy extra features such as the ability to generate truly random and almost unbreakable passwords at the click of a button.