courtesy of XKCD

Passwords protect your identity, your work, and your privacy. They prevent unauthorized access to your electronic accounts and devices. The goal in creating a good password is to make it as difficult as possible for a potential intruder to identify it by guessing, brute-force, or automated attacks. 

Never share passwords with anyone. If you know or suspect your password has been compromised, change it immediately. DO NOT use the same password for multiple accounts. DO NOT use close variations for different accounts.

Password phrases are a good option. Include alternate characters.  For example, "I hate to use passwords on my accounts" can become "Ihate2usepasswordsonmyaccounts" (30 characters) or "!hat32uzepa$w0rdsonmiactz" (25 characters) or even "iH@t32zpwsM!ktz" (15 characters).  Use a pattern match that you will remember (use '3' for 'e', '!' for 'i' or 'I', '4' for 'for', '@' for 'a' or 'at', '$' for an 'S', etc.) 

Tips include:

  • Use at least 12 characters, preferably more
  • Use a combination of uppercase letters, lowercase letters, numbers, and symbols
  • Do not use a word that can be found in a dictionary, or the name of a person, character, or organization
  • Avoid common word combinations

It is recommended using a "passphrase" which is a type of password that consists of multiple words that may form a sentence or other series of words in a certain context that is easy to remember for the user. 

Active Harvard students, faculty, and staff are eligible for 1Password, a password account manager. 1Password allows users to generate and securely store passwords.