Tips for creating strong passwords and passphrases
To help prevent unauthorised people from accessing files, applications and other resources on your PC, you can use passwords or passphrases. A passphrase is typically longer than a password, offers added security and uses multiple words. Whether you use a password or a passphrase, you should make it strong, which means that it's difficult for anyone to guess or for a hacker to decode. It's a good idea to use strong passwords on all user accounts on your PC.
What makes a password or passphrase strong?
A strong password:
- Is at least eight characters long.
- Doesn't contain your username, real name or company name.
- Doesn't contain a complete word.
- Is significantly different to previous passwords.

A strong passphrase:
- Is 20 to 30 characters long.
- Is a series of words that create a phrase.
- Doesn't contain common phrases found in literature or music.
- Doesn't contain words found in the dictionary.
- Doesn't contain your username, real name or company name.
- Is significantly different to previous passwords or passphrases.

Strong passwords and passphrases contain characters from each of the following four categories:

| Character category | Examples |
|---|---|
| Upper case letters | A, B, C |
| Lower case letters | a, b, c |
| Numbers | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 |
| Symbols found on the keyboard (all keyboard characters not defined as letters or numerals) and spaces | ` ¬ ! " £ $ % ^ & * ( ) _ - + = { } [ ] \| \ : ; @ ' ~ # < , > . ? / |

A password or passphrase might meet all of the above criteria and still be weak. For example, Hello2U! meets all the criteria for a strong password listed above, but is still weak because it contains a complete word. H3ll0 2 U! is a stronger alternative because it replaces some of the letters in the complete word with numbers and also includes spaces.
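
The password criteria above, written as a check (an added example, not part of the original page). The function name `check_password`, the short `SAMPLE_WORDS` list and the identity values are constructed for illustration; a real check would load a full dictionary. It shows Hello2U! passing the length and category rules but failing the complete-word rule, while H3ll0 2 U! passes all of them.

```python
# Constructed sample word list (assumption): a real check would load a full dictionary.
SAMPLE_WORDS = {"hello", "password", "welcome", "december", "birthday"}
MIN_LENGTH = 8  # "at least eight characters long"


def check_password(password, identity=(), words=SAMPLE_WORDS):
    """Return the list of criteria that `password` fails (empty list = passes).

    identity: username, real name and company name strings to reject.
    """
    failures = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        failures.append("shorter than eight characters")

    # The four character categories from the table above.
    categories = {
        "upper case letter": any(c.isupper() for c in password),
        "lower case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol or space": any(not c.isalnum() for c in password),
    }
    failures += [f"no {name}" for name, present in categories.items() if not present]

    # Username, real name or company name, compared case-insensitively.
    for value in identity:
        if value and value.lower() in lowered:
            failures.append(f"contains identity string {value!r}")

    # Complete words: any listed word appearing anywhere inside the password.
    for word in sorted(words):
        if len(word) >= 3 and word in lowered:
            failures.append(f"contains complete word {word!r}")

    return failures


if __name__ == "__main__":
    # Constructed inputs: the two examples from the text plus a bare word.
    for candidate in ("Hello2U!", "H3ll0 2 U!", "hello"):
        print(repr(candidate), check_password(candidate, identity=("jsmith",)))
```
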
Use these tips to help yourself create and remember strong passwords or passphrases:
- Create an acronym from an easy-to-remember piece of information. For example, pick a phrase that is meaningful to you, such as My son's birthday is 12 December 2004. Using that phrase as your guide, you might use Msbi12/Dec,4 for your password.
- Substitute numbers, symbols and misspellings for letters or words in an easy-to-remember phrase. For example, My son's birthday is 12 December 2004 could become Mi$un's Brthd8iz 12124, which would make a good passphrase.
- Relate your password or passphrase to a favourite hobby or sport. For example, I love to play badminton could become ILuv2PlayB@dm1nt()n.
If you think you must write down your password or passphrase to remember it, make sure you don't label it as such, and keep it in a safe place.
Extended ASCII characters help make your password or passphrase stronger and more secure by increasing the number of characters you can choose from. However, you should first make sure that passwords and passphrases containing extended ASCII characters are compatible with the applications that you or your workplace are using, especially if your workplace uses several different operating systems or versions of Windows.
To find extended ASCII characters, swipe in from the right edge of the screen, tap Search, then enter Character Map in the search box. (If you're using a mouse, point to the top-right corner of the screen, move the mouse pointer down, click Search, then enter Character Map in the search box.)
Before you use an extended ASCII character in a password, make sure that there's a keystroke defined for it in the bottom of the Character Map dialogue box.