Safe Computing

Good Password Practices

It can be difficult to choose a good password: the password should be fairly long and shouldn't be guessable, but at the same time it should be easy to remember. If the password is difficult to remember, you will find that you need to write it down. It is not a good idea to write down passwords, as someone else can find the paper you have written them on (or the file you have put them in) and digitally impersonate you.

Before talking about how to choose good passwords, here are a few reminders of good general password practices:

  1. Choose a good password. Use a mix of numbers, letters and non-dictionary words to create strong, hard-to-crack passwords, and never give your password to anyone for any reason.
  2. Never share your password.
    Your account is assigned to you. You will be held responsible for the activities of the account. Your password is like your signature; giving it to other people is like giving them the authority to sign your name -- and implies that whatever they do has your approval.

    We do see cases where people will use someone else's email account to send harassing email. Don't let this happen to you.
  3. Never write down a password. 1
    Passwords that are written down can be easily stolen.
  4. Change your password with some frequency.
    The longer you have used your password, the more likely it is that someone else will manage to figure it out. Just how frequently you should change your password depends on how frequently you use it and what you are protecting with it. For example, you may wish to change a password that gives access to financial information more frequently than one that gives access to read the news on a web page.
  5. Never store your password in a program.
    Many email clients, web browsers, and web services will offer to store your password for you so that you don't need to type it in each time you want to use it. This is a bad idea -- it is generally trivial for people to recover your password from inside one of these programs if they have access to your computer (and sometimes even if they don't).
    It is also possible for some computer viruses to recover your passwords from such stores and email them to random people or post them publicly on the Internet. Such viruses may even distribute the passwords before anti-virus software is able to locate and remove the virus.
  6. Consider storing your passwords with the Network Security Center.
    Some groups may wish to securely store passwords with a third party to prevent the loss of passwords through any number of factors. The University of Chicago Network Security Center offers a free password escrow service for this purpose.

1 When receiving a new password or passwords, you may wish to write down your password until you have a chance to memorize the password or passwords. If you do this, you should take extreme care not to lose the paper you have written it on. You should destroy the paper (e.g. tear it to shreds) once you have learned the password or passwords.

Last updated: 5/15/08