Best Practices — Passwords

 ✔ DO

  • Use a password of 32 characters or more (minimum is 12 characters)
  • Include both upper-case and lower-case letters
  • Include one or more numerical digits
  • Include one or more special characters, such as !@#$%, etc. (embedded spaces are OK, but not at the beginning or end)
  • Use a password manager to generate and keep track of all your passwords, and to keep them secure.


  • Use words from your personal information or other easy-to-guess sources, e.g. calendar dates, telephone numbers, license plate numbers, spouse or pet names, etc.
  • Use dictionary words, e.g. football,  monkey,  antidisestablishmentarianism,  etc.
  • Use keyboard patterns, e.g. qwertyuiop,  1qaz2wsx,  !@#$%^&*,  etc.
  • Use simple sequences, e.g. abc123,  9876543210,  aeiouy,  etc.
  • Use common passwords, e.g. letmein,  passw0rd,  trustno1,  etc.
  • Write down or store (in plain text) your password where it can be easily found
  • Re-use the same password for different sites, otherwise a compromise of one of your accounts can expose others