Passwords are the keys that open the doors to your own and your organisation's information and should be treated with care.
Things to remember
Creating a password
When creating a password, choose something that is personally memorable but difficult for others to guess:
- Make sure that your password comprises at least 8 characters (longer is better)
- Choose one that is complex but easily remembered e.g. '!Lov3MyPian0' or 'iW0rk@th3UoR'
- Never use your username in any form as your password
- Never use your surname or given name in any form
- Don't use any information about you that is easily obtainable, such as your car registration number, your birthday, your child's or your pet's name, your favourite holiday destination or your favourite sports team or hobby
- Don't use word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
- Avoid the use of an ordinary word preceded or followed by a digit (e.g. secret1, 1secret)
- Don't change your password by simply adding a number every time you change it (e.g. Password1 to Password2)
- Don't reuse or recycle your password
- Never write your password down
- Immediately change your password if you think that it has been revealed to anyone else or compromised
In addition, make sure that your password is:
- Private - It is used and known by you only
- Secret - It does not appear in clear text in any file or program in any medium
Using a password
Using different passwords on different systems will help prevent unauthorised persons from gaining access to your accounts and data on other systems if your password is compromised on one system.
Do not use the same password for work and personal/home systems.
Consider using a password manager (sometimes called a password vault) to manage different passwords. Password managers help generate and retrieve long, complex passwords for use across different sites and services, with no memory burden. Popular password managers include LastPass, KeePass and 1Password.
Protecting a password
Passwords should never be shared with anyone, including your manager, IT department staff or security staff. Legitimate University of Reading IT staff will never ask you for your password.
Giving someone your password allows them to use your identity on the network. You will be responsible for any system misuse or security incident if someone has logged in using your ID.