Skip to content
Skip to navigation menu

 

Choosing a Password

As computer users we each have a responsibility to prevent others from breaking into the computer system through our computer account.

What makes a good password?

A good password should be easy to remember but must be difficult to guess:

  • Do not make the password the same as your account name.
  • Do not use your surname or any of your forenames as a password.
  • Do not use the names of your boy or girlfriend, relative, dog, cat, budgie ...
  • Do not use your car registration number - even an old one!
  • Do not use your address.
  • Do not use any word found in a dictionary (nor plurals) even with a numeral on the end.

A good password should:

  • Be at least six characters long (with a maximum length of 12 characters)
    - a longer password is harder to crack, but may be more difficult to remember.
  • Ideally be a random sequence of letters, numbers and punctuation characters 
    (except for "  £  <  and  % ) - hard to break but also hard to remember!
  • Be a mixture of upper and lower case letters - all Cardiff University systems recognise case sensitivity in passwords.

A good password could:

  • Be bits of more than one word joined by punctuation (eg riti-lio from bRITIsh LIOns).
  • Use the initial letters of a memorable phrase.

Good practice

Do not write your password down.

Do not divulge your password for any reason. Divulging your password contravenes Information Services Regulations and University Regulations by which you are bound.

Do not log in with someone looking over your shoulder.

If you think your password may have been compromised, change it as soon as possible. If in doubt please contact insrvConnect, who will change it for you.

If you are not going to use your account for some time, set the password to gibberish and have it reset by us when you wish to use it again. Crackers like dormant accounts - no-one will notice extra files appearing in such an account.

Use the password strength testing tool to check the strength of your password.