// ANU - ANU IT Security Site - IT Security
Skip Navigation | ANU Home | Search ANU | Sophos
The Australian National University
ANU IT Security Site
IT Security
IT Security Home
ANU Anti Virus Solution
ANU Windows WSUS Server
ANU Mac Software Update
Printer Friendly Version of this Document

Tips for keeping passwords safe

Passwords are an important element in securing your information. A poorly-chosen password, or one that is known by other people, can

  • Allow others to access your private email, documents and other information,
  • Let someone else consume your internet or print quota, and
  • Expose the ANU's network and systems to compromise.

There are a few simple things you can do to make your use of passwords more secure.

Choose a strong password

Characteristics of a good password

A good password should be easy to remember, but hard for anyone else to guess (even if they know you). To make it harder for automated tools to find it should also

  • Contain a mix of upper case (A-Z), lower case (a-z), numerals (0-9) and ideally special characters (such as &, !, @, and %)
  • Be at least 6 characters long (and longer is even better)
  • Not be a dictionary word
  • Not be based on your name, or other things about you (like the name of a pet or a favourite sporting team)

A modern desktop computer can "crack" around 10 million passwords per second, so weak passwords can be easily discovered.

One method…

One method of choosing a strong password is to

  1. Pick a phrase: "My Uncle Kevin has 17 brown labrador dogs", for example
  2. Take the first letters: MUKh17bld
  3. And mix it up a little: mUKh17b!D

Pretty hard to guess, but not too hard to remember.

Or here's a random one… csaof4nA (Reload for another one).

Different methods work for different people, but the important thing is that your password should be HARD TO GUESS but EASY TO REMEMBER .

Keep your password safe

Don't share it!

Under ANU Policy passwords cannot be shared with others. This includes sharing with colleagues, supervisors and friends. ANU support staff will never ask for your password through email or over the telephone! Please treat any such requests with suspicion, and report them to IT.Security@anu.edu.au.

Be aware of who is looking when you enter passwords — one of the easiest ways to get someone else's password is to simply watch as they type it.

Be cautious writing it down

A well-selected password should be memorable enough to remember without writing it down, but if you need to, consider writing a hint (rather than the password itself), don't write down the username or what the password is for, and make sure you keep it safe.

Change your password

  • If you suspect it's known by someone else,
  • If you get your password reset by support staff,
  • On a regular basis.

Consider different passwords for different things

While it can be convenient to only remember one password it can also add risk - someone who gets access to anything with your password on it then has access to everything. Consider using different passwords for different purposes, particularly for internet banking and similar sites.

Page last updated: 18 August 2008
Please direct all enquiries to: ANU Information Security
Page authorised by: Director, Information Infrastructure Services
The Australian National University
CRICOS Provider Number 00120C — ABN Number: 522 34063906