Tips for a more secure password
Passwords are to be regarded as valuable information. For this reason, you must choose passwords carefully and think about how you use them. If a system has its own rules about passwords, these requirements have a higher priority than the general advice given here.
Never reveal your password to another person. No one should ask you for your password, not even the technical personnel at the university.
Do not use your LiU password at any other location than LiU.
It can be a good idea to use a passphrase as an alternative to a classical password. Passphrases are often easier to remember and easier to type in (despite being longer), while giving increased safety.
Passphrases consist of a number of randomly chosen words. As long as the words have been chosen truly randomly, numbers, special symbols or similar characters are not necessary.
There are around 6 x 10^19 different passwords of length ten characters. If five words are chosen at random from a list of 10,000 words, 10^20 possible passphrases can be formed – even if only lowercase letters are used.
A simple way of creating passphrases is to use diceware. A passphrase constructed using diceware should have at least six words.
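The following Python example is added here and is not LiU's own code. It checks the figures above, shows why a diceware list of 7,776 words needs six words to exceed a ten-character password, and draws words with a cryptographically secure generator. The 95-character alphabet (printable ASCII) and the eight-word demo list are assumptions made for the example.

```python
import math
import secrets

PRINTABLE_ASCII = 95      # assumption: alphabet behind the ten-character figure
DICEWARE_WORDS = 6 ** 5   # five dice rolls pick one of 7776 words

# Constructed demo list; far too small for real use (assumption for the example).
DEMO_WORDS = ["anchor", "birch", "copper", "dune", "ember", "fjord", "glade", "harbor"]

def search_space(choices: int, length: int) -> int:
    """Count of equally likely secrets: `length` independent picks from `choices`."""
    return choices ** length

def bits(choices: int, length: int) -> float:
    """The same search space expressed as bits of entropy."""
    return length * math.log2(choices)

def words_needed(list_size: int, target_space: int) -> int:
    """Smallest number of random words whose search space reaches target_space."""
    if list_size < 2:
        raise ValueError("a word list needs at least two entries")
    count = 1
    while search_space(list_size, count) < target_space:
        count += 1
    return count

def passphrase(wordlist, n_words: int = 6, sep: str = " ") -> str:
    """Pick words uniformly with the OS CSPRNG (never the `random` module)."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate entries would bias the selection")
    return sep.join(wordlist[secrets.randbelow(len(wordlist))] for _ in range(n_words))

if __name__ == "__main__":
    ten_chars = search_space(PRINTABLE_ASCII, 10)
    print(f"10 random characters : {ten_chars:.1e}")
    print(f"5 words of 10,000    : {search_space(10_000, 5):.1e}")
    print(f"diceware words needed: {words_needed(DICEWARE_WORDS, ten_chars)}")
    print(f"6 diceware words     : {bits(DICEWARE_WORDS, 6):.1f} bits")
    print("demo passphrase      :", passphrase(DEMO_WORDS))
```

Five diceware words give about 2.8 x 10^19 combinations, which is below the ten-character figure; the sixth word raises it to about 2.2 x 10^23.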
10 useful tips
If it is not possible to use passphrases or if you prefer to use a classic password, there are a number of things to think about.
- Passwords must be sufficiently long. Nowadays, ten characters is a reasonable minimum length, but it is preferable to use at least fifteen characters.
- Passwords must contain different types of character. Use at least one number, one special character (plus, minus, slash, full stop, etc.) and one uppercase letter. On the other hand, it is a good idea to avoid such characters as “å”, “ä”, “ö”, etc., which can cause problems on certain systems.
- Do not use your username, name or other personal information as a password or even part of a password. It is far too easy to find such information.
- Avoid words from dictionaries and the names of other people, places, countries, etc. People who try to crack passwords use long lists of common words and names from several languages.
- A good way to create a password can be to make up a chant that is easy to remember. Then take the first letter of each word to make the password, and remember to use both uppercase and lowercase letters with some numbers and special characters. And the more childish and funny the chant, the easier it will be to remember it!
- If you must use the same password on several systems, remember to never use the same password for secure or important systems as the one you use for insecure or unimportant ones. Never use your LiU password for services outside of LiU.
- Avoid writing your password down. If you must do so despite everything, never write the password, the username and the identity of the system for which they are used in the same place. Remember that obvious places are poor places to store account information. For this reason you should store paper notes in secure places, and not under the keyboard or in the top drawer of your desk.
- Change your password when necessary. If you suspect that your password has become known by anyone else, change it immediately. There is no real reason to change your password regularly. The only reason may be to change to a password that is longer or easier to remember.
- Never send a password by normal, unencrypted, email. There is a risk that it goes to the wrong recipient or that someone eavesdrops on it as it passes.
- No one should ever ask for your password. This is the case for the LiUIT Helpdesk and all other system personnel. If someone does ask: refuse to reveal your password and report the event immediately to the LiU IRT.
- Change your password in MinIT.
If you have forgotten your password or need a new activation key:
Contact IRT in the event of any difficulties
Never hesitate to contact the IT security unit at LiU (IRT) if you are the target of, for example, attempted fraud, phishing or a virus infection. We are fully aware that sometimes things simply go wrong, and we want to help you minimise any damage or problems that arise.
Tel. (013) 281744
- email@example.com (to report spam)
- firstname.lastname@example.org (to report authentic mail erroneously labelled as spam)
- email@example.com (other matters).
Full contact details of the IRT are available here.
Training for your unit, division or work group
The IRT at LiU offers internal training in IT and information security. Take preventative action and learn more about a specific area, or obtain a general review.
Last updated: Fri Feb 22 07:56:50 CET 2019