Password security
It is important that you choose a strong password and change it regularly. Your password should be something that only you know and can remember easily, but that is hard for other people to guess. The most secure password is actually a ‘passphrase’. A passphrase is a random combination of letters, numbers and keyboard symbols. The following simple precautions can help you to create better passwords, and keep them safe.
Choosing a strong password
Characteristics of a good password
A good password or passphrase should be easy to remember, but hard for anyone to guess (even if they know you well).
It should ideally also:
- contain a mix of upper case (A-Z), lower case (a-z), numerals (0-9), and ideally special characters (such as ^, !, @ and %)
- be at least 8 characters long (and even longer is better)
- not be a simple dictionary word, well-known quote, song lyric, or the like
- not be based on your name or other things about you (like the name of a pet or favourite sporting team).
The ANU Password Selection and Protection Guidelines lists specific requirements for ANU passwords.
Tips for creating a strong password
Choose a key phrase (maybe from a song or a poem): "What a great day for a walk", for example. Use the first letter or so of each word, mixing up the case or swapping in some digits: "WaGrd4aW".
Feel free to make up your own scheme; the important thing is that it's hard to guess and easy to remember.
Tips for creating a strong passphrase
Pick a nonsense phrase: "Orange bishop nightingale", for example, and mix it up a little: "Orange4bishop?Nightingale!"
A passphrase like this is practically impossible to guess, for both people and computers, and easy to remember.
Keeping your password safe
Don't share it!
Under the ANU Guidelines, passwords should not be shared with others. This includes sharing with colleagues, supervisors or friends.
ANU support staff will never ask you for your password either via email or over the telephone. Please treat any such requests with suspicion, and report them to ANU IT Security.
Be aware of who is looking when you enter passwords — one of the easiest ways to steal someone else's password is simply to watch it being entered.
Be cautious if you write it down
A well-selected password should be memorable enough to remember without writing it down. If you need to, consider writing a hint (rather than the password itself), don't write down the username or what the password is for, and make sure you keep it in a safe place.
Change your password regularly
Immediately change your password if you suspect it is known by someone else or if you have your password reset by support staff.
While it can be convenient to only remember one password, it can also add risk. Someone who gains access to one service with your password will have access to everything that uses that password. Consider using different passwords for different purposes, particularly for internet banking and similar secure service sites.
