University of Calgary

Creating Strong Passwords

Submitted by powlesla on Thu, 2007-03-01 15:00.

Introduction
Risks of Weak Passwords
Creating Strong Passwords
Checking your Password
IT Accounts

Introduction

A password is a string of characters that is used to gain access to a computer system. Passwords and usernames are the most commonly used method to confirm a person’s identity. While usernames are public, passwords are secret. Therefore it is important to create a strong password in order to prevent others from gaining access to your computer and the information stored on it.

Risks of Weak Passwords

If your password is compromised, you run the risk of someone:

  • Reading and altering your computer or information on it.
  • Assuming your identity over email, IM etc.
  • Using your computer for spam, viruses or to attack other computer systems.

Passwords can be revealed if you:

  • Tell them, accidentally or on purpose.
  • Write it down and it is found.
  • Choose an easily guessed password.
  • Do not change the password from the default or leave the password blank.
  • Choose trivial, repetitive or sequential passwords (eg. password, 0000 or 123456).
  • Use your ucalgary user name or family name.
  • Use the same password for multiple systems.

Hackers and viruses search the Internet looking for vulnerable computers. If you have a weak password your computer can be taken over remotely. Avoid using passwords that can be found in a dictionary or is a common name. This includes words in which some of the letters have been replaced by special characters that look similar to the letter (eg. p@ssw0rd).

Over time any password can be discovered therefore it is recommended that passwords be changed on a regular basis for maximum security.

Creating Strong Passwords

The following rules for passwords are enforced for IT accounts:

  • A minimum of 7 characters.
  • With 3-4 of the following classes of characters:
    • Upper case (A-Z)
    • Lower case (a-z)
    • Numerals (0-9)
    • Special characters (excluding " ' - $ / \)
    • the password is case sensitive (e.g. ABC#DEF is not the same as abc#def)
    • spaces are not allowed
    • passwords containing 3 or more letters in a row from your full name or username will not be accepted by the Enable Windows Login utility (e.g,, if Jane Smith has a user name of jasmith, her password should not contain 'ith' or 'JAS').

Passwords can be further strengthened by:

  • Eliminating common words that can be found in dictionaries.
  • Connecting two multiple unrelated words with a special character between them.
  • Using an easily remembered formula to scramble a word.
  • Using pass phrases (a sentence reduced to first letters, numbers and punctuation marks).

Checking your Password

To check the strength of your password on either a Mac OS or Windows PC:

  • On Windows, go to the Password Checker website offered by Microsoft.
  • On Mac, use the Password Assistant, click the Key icon to the right of the password field to test the strength of the new password.

IT Accounts

More information regarding your IT accounts can be accessed through the IT Computing Accounts webpage or the Passwords webpage.

To change the password associated with your IT Username, go here.

Search IT