10 ways to make your password stronger

1. The minimum number of characters in a university password is twelve characters, with a maximum of 20. Every additional character makes a password harder to guess. Try combining three random words to create a password that's 'long enough and strong enough' to be secure, but also easy for you to remember. An example might be applevaderbiro (the fruit, the Star Wars character, something you can see on your desk). The key idea here though is 'random'. Three connected words, like marioluigipeach, could be easily crackable
2. Make your password 'complex' by including upper and lower case, alpha numeric and special characters symbols. Examples of special characters are # $ % & ' ( ) * + - / : ; < = > ? @ [ \ ] ^ _ ` { | }. Try using random letters and numbers or misspell words and add capitalisation in the middle of a word. So the password from point 1 could become @pplevAderb!r0
3. Simple passwords with a single noun are the easiest to crack. While your pet's name might be easier to remember, it would be easy to guess if people know you. Passwords such as Thomas14, LeedsBeckett123, or Fluffy999 would not last long against a hacking programme. Similarly, you may love Leeds United Football Club or The Rhinos Rugby Team, but remember they make better sports teams than passwords. Often Hackers will look on social media to find out more about targets and they use that information to design software that can guess passwords. So Leedsunited55 or Rhinos123 are not good choices
4. Don't worry though as help is at hand. Some systems, including the university network, have protections that will help you set a good password by rejecting ones that are known to be really bad, that may have been used in an old cyber-attack, or that don't meet the minimum complexity requirements
5. Always use a different password for different accounts. If your TikTok account password falls into the wrong hands, you don't want them to have access to your bank or university network account as well. Privileged or administrator accounts must also have different passwords to standard user accounts within the same service
6. Please don't use your username, actual name or business name. These can be found on your staff ID, social media accounts or email signatures and are easy to guess
7. Numbers should be random and have no relation to another number in your life, such as birthdays, phone numbers or home address numbers. Also don't use sequential numbers such as 123 or 5678
8. Never share your password with anyone, even if they are a colleague, friend, or family member. The information that your account provides access to must be protected from accidental or deliberate misuse by others, and you need to protect yourself from the impact of that happening
9. Hackers will also try to lure people into providing passwords and other log-in details in response to emails, Teams messages, or on social media messages that appear to be from legitimate senders. A real company like Microsoft will never threaten you with being locked out of an account if you don't urgently confirm your password. Always be suspicious if you receive messages that ask you to visit a webpage to change or confirm your password
10. People often choose simple passwords because they are quick to type in and easy to remember (This may surprise you but one of the most common passwords is password and it is almost always the first one people try when trying to penetrate a system). This is understandable as we enter a password on average eight times a day. But our passwords are part of the armour that protects our systems and data, which is why time needs to be taken to craft and remember passwords. When you change your password, take a few minutes to commit it to memory, repeating it in your head a few times. You should never write down your password or keep it saved anywhere except in your memory, unless using a secure depository such as a password manager

If you need help with passwords you can also take a look at the Passwords & Cyber Security page on the Library website, which includes a FAQ with examples of the sorts of passwords you could use. You should also set up Multi-factor Authentication to keep you safe online and then you can reset your own password and unlock your account without needing to contact us!

Originally published: April 2021

Last updated: March 2024