1. Passwords must be at least twelve characters long, with a maximum of 20 (every additional character makes a password harder to guess).
  2. Use complex passwords that include upper and lower case letters, numbers and special characters (symbols). Examples of special characters are # $ % & ' ( ) * + - / : ; < = > ? @ [ \ ] ^ _ ` { | }
  3. Simple passwords with nouns are the easiest to crack. While your pet’s name might be easier to remember, it would be easy to guess if people know you. Passwords such as Thomas14, LeedsBeckett123, or Fluffy999 would not be strong against a hacking programme.
  4. You should have different passwords for standard user accounts and privileged accounts.
  5. Please don’t use your username, actual name or business name. These can be found on your staff ID, social media accounts or email signatures and are easy to guess.
  6. Numbers should be random and have no relation to another number in your life, such as birthdays, phone numbers or home address numbers. Also don’t use sequential numbers such as 123 or 5678.
  7. You may love Leeds United Football Club or The Rhinos Rugby Team, but remember they make better sports teams than passwords. Hackers will often look on social media to find out more about targets, and they use that information to design software that can guess passwords. So ‘Leedsunited55’ or ‘Rhinos123’ are not good choices.
  8. This may surprise you, but one of the most common passwords is ‘password’, and it is almost always the first one people try when trying to penetrate a system.
  9. Common dictionary words are easily guessed by hacking programmes. Passwords such as Racecar123 or Butterfly32 can quickly be cracked. Try using random letters and numbers or misspell words and add capitalisation in the middle of a word.
  10. People often choose simple passwords because they are quick to type in and easy to remember. This is understandable as we enter a password on average eight times a day. But our passwords are part of the armour that protects our systems and data, which is why time needs to be taken to craft and remember passwords. When you change your password, take ten minutes to commit it to memory, repeating it in your head until you have it down pat. You should never write down your password or keep it saved anywhere except in your memory. 
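
The tips above that can be checked mechanically (1, 2, 5, 6, 8 and 9) are shown here as a small Python checker. This is an added example, not part of the original post or any university system; the function names, the sample word list and the three-character minimum for name matching are assumptions made for the illustration.

```python
# Special characters listed in tip 2.
SPECIALS = set("#$%&'()*+-/:;<=>?@[\\]^_`{|}")
# Constructed sample denylist (assumption); a real check would use a far larger list.
COMMON_WORDS = {"password", "racecar", "butterfly", "leedsunited", "rhinos", "fluffy"}


def has_sequential_digits(pw, run=3):
    """True if pw contains `run` or more ascending consecutive digits (123, 5678)."""
    streak = 1
    for a, b in zip(pw, pw[1:]):
        if a.isdigit() and b.isdigit() and int(b) - int(a) == 1:
            streak += 1
            if streak >= run:
                return True
        else:
            streak = 1
    return False


def check_password(pw, username="", full_name=""):
    """Return a list of violated tips; an empty list means the password passes."""
    problems = []
    if not 12 <= len(pw) <= 20:                      # tip 1
        problems.append("length must be 12-20 characters")
    classes = [                                      # tip 2
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in SPECIALS for c in pw),
    ]
    if not all(classes):
        problems.append("needs upper case, lower case, a number and a special character")
    lowered = pw.lower()
    personal = [username] + full_name.split()        # tip 5
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        problems.append("contains your username or name")
    if has_sequential_digits(pw):                    # tip 6
        problems.append("contains sequential numbers")
    if any(w in lowered for w in COMMON_WORDS):      # tips 8 and 9
        problems.append("contains a common word")
    return problems
```

Calling `check_password("LeedsBeckett123")` reports the missing special character and the sequential numbers, which is why that example from tip 3 is a weak choice even though it is long enough.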

If you need help with passwords you can also take a look at the Passwords & Cyber Security page on the Library website, which includes a FAQ with examples of the sorts of passwords you could use. You should also set up Multi-factor Authentication to keep you safe online and then you can reset your own password and unlock your account without needing to contact us! 

Originally published April 2021
