Password Strength (Draft)

Use a minimum of 8 characters and a combination of at least three of the following:

  • Capital letters
  • Lowercase letters
  • Numbers (0123456789)
  • Non-alphanumeric symbols or special characters (!#$%^&*()_+={}|":?/;'\][><, )

Don't use:

  • Proper names or dictionary words—in any language
  • International characters

Never:

  • Share passwords or use the same password for all systems you access.
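
The composition rules above can be enforced when a password is set. The Python below is an added example, not code from this page or from any SFU system. Its function names, its small constructed word list and its reading of "dictionary word" as a whole run of letters are assumptions.

```python
import re
import string

MIN_LENGTH = 8          # "minimum of 8 characters"
REQUIRED_CLASSES = 3    # "at least three of the following"

# Constructed sample list; a real check would load a large multilingual
# dictionary plus a list of proper names.
SAMPLE_WORDLIST = {"password", "welcome", "dragon", "vancouver", "michael", "bonjour"}


def character_classes(password):
    """Return which of the four listed character classes appear in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        elif ch.isascii() and ch.isprintable():
            # Any other printable ASCII character, including space.
            classes.add("symbol")
    return classes


def check_password(password, wordlist=SAMPLE_WORDLIST):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not password.isascii():
        # The policy excludes international characters.
        problems.append("international_characters")
    if len(character_classes(password)) < REQUIRED_CLASSES:
        problems.append("too_few_character_classes")
    # Assumption: a name or dictionary word counts when it appears as a
    # whole run of letters, compared case-insensitively.
    words = re.findall(r"[A-Za-z]+", password)
    if any(word.lower() in wordlist for word in words):
        problems.append("dictionary_word")
    return problems
```

Sharing and reuse across systems cannot be detected from the password string itself, so those two rules are outside what this check covers.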

Additional Security

Consider using a pass phrase instead of a password.

Passwords can be hard to remember, so don't forget that you can use pass phrases instead. Pass phrases are short, fun sentences with spaces between the words. Imagine an incredible or funny scene and make that your easy-to-remember pass phrase.

For best results, avoid well-known phrases and include words that are misspelled, or not found in the dictionary.

Here are some examples:

  • kitty ate my face off!
  • my 10 pups play fight
  • naked clowns cost $$$
  • 20 carbs a day max
  • Vader is my father dude
  • a 200% raise is nice
  • Sugar is g00d for me.

Create shared secrets that are difficult to guess.

If you forget your password, some systems, such as mySFU, allow you to use shared secrets to access your account and reset your password. Only you should know the answers to your shared secrets, and they should never be revealed to others.

When creating shared secrets, it is important to choose a question and answer that you will remember but that others are unlikely to know or guess.

Examples of good shared secrets:

  • What was the last name of my first crush?
  • Where did I go on my winter vacation in "year"?
  • What is the name of my favorite teacher?
  • What was the last name of my childhood friend "first name"?

Examples of poor shared secrets:

  • What colour is my hair? (Never use information that can be obtained easily.)
  • What is my phone number? (Never use publicly available information.)
  • Do I own a horse? (Never use yes/no questions.)