Tips to create strong passwords and passphrases
To help prevent unauthorized people from accessing files, apps, and other resources on your PC, you can use passwords or passphrases. A passphrase is typically longer than a password, offers added security, and uses multiple words. Whether you use a password or a passphrase, you should make it strong, which means it's difficult for anyone to guess or for a hacker to decode. It's a good idea to use strong passwords on all user accounts on your PC.
What makes a password or passphrase strong?
| A strong password: | | A strong passphrase: |
|---|
Is at least eight characters long. Doesn't contain your user name, real name, or company name. -
Doesn't contain a complete word.
-
Is significantly different from previous passwords.
| |
Is 20 to 30 characters long. Is a series of words that create a phrase. Doesn't contain common phrases found in literature or music. Doesn't contain words found in the dictionary. Doesn't contain your user name, real name, or company name. Is significantly different from previous passwords or passphrases.
|
Strong passwords and passphrases contain characters from each of the following four categories:
|
Character category
| |
Examples
|
|
Uppercase letters
| |
A, B, C
|
|
Lowercase letters
| |
a, b, c
|
|
Numbers
| |
0, 1, 2, 3, 4, 5, 6, 7, 8, 9
|
|
Symbols found on the keyboard (all keyboard characters not defined as letters or numerals) and spaces
| |
` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; " ' < > , . ? /
|
A password or passphrase might meet all the criteria above and still be weak. For example, Hello2U! meets all the criteria for a strong password listed above, but is still weak because it contains a complete word. H3ll0 2 U! is a stronger alternative because it replaces some of the letters in the complete word with numbers and also includes spaces.
Show all
Use these tips to help yourself create and remember strong passwords or passphrases:
-
Create an acronym from an easy-to-remember piece of info. For example, pick a phrase that is meaningful to you, such as My son's birthday is 12 December, 2004. Using that phrase as your guide, you might use Msbi12/Dec,4 for your password.
-
Substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase. For example, My son's birthday is 12 December, 2004 could become Mi$un's Brthd8iz 12124, which would make a good passphrase.
-
Relate your password or passphrase to a favorite hobby or sport. For example, I love to play badminton could become ILuv2PlayB@dm1nt()n.
If you think you must write down your password or passphrase to remember it, make sure you don't label it as such, and keep it in a safe place.
Extended ASCII characters help make your password or passphrase stronger and more secure by increasing the number of characters you can choose from. However, you should first make sure that passwords and passphrases containing extended ASCII characters are compatible with the apps that you or your workplace are using, especially if your workplace uses several different operating systems or versions of Windows.
To find extended ASCII characters, swipe in from the right edge of the screen, tap Search, and then enter Character Map in the search box. (If you're using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, click Search, and then enter Character Map in the search box.)
Before you use an extended ASCII character in a password, make sure there's a keystroke defined for it in the bottom of the Character Map dialog box.
