Skip to main content

Cyber guidance - password security

Cyber guidance

Passwords

​Passwords are the first line of defence to the university's sensitive information. Passwords are gate-keepers to information and must be looked after. The bad news is that if you use easy to guess passwords or use the same passwords for multiple logins, you make yourself and the university vulnerable to attacks. The good news is that protecting yourself and the University is simple matter of forming good habits and sticking to them.

Question: My manager asked if she could borrow my login details for the new finance system she had not yet been set up on. I politely refused and suggested she contacts the Information Services department. She seemed annoyed and suggested I was being overcautious. Was I right in refusing her request?

Answer: Yes. You were absolutely right to refuse. You should never share your password with anyone. Remember, there is no such thing as "borrowing" your login details. Once you have shared your details, you have no way of knowing who has access to it.

Simplicity of cracking passwords

LengthLowercaseAnd uppercaseAnd numbers and symbols
6 Characters10 minutes10 hours18 days
7 characters4 hours23 days4 years
8 characters4 days3 years463 years
9 characters4 months178 years44,530 years

Password creation best practice

      • Make your password memorable. It's no use if you have to write it down.
      • Think of a favourite song lyric or pick a phase as the basis for your password
      • Use a mixture of letters (upper and lower case) and numbers
      • Replace oblivious letters with numbers (placing numbers a logical place will make the password easier to remember). Example: At Brunel University could be @Brun3lUn1v3rs1ty
      • Never, ever write down your password down anywhere
      • Never share your password with anyone
      • Use different passwords for different systems
      • Use different passwords for university and personal purposes

Remember - Having multiple passwords increases the risk that you will forget them. To make to passwords easier to remember use variations of the same passwords