Secure Your Passwords

What is a Good Password?

A secure password is key to keeping your accounts, data, and info safe. If the internet is a door, your password is the key. You wouldn't leave your door unlocked, so don't leave your accounts or data unlocked.

Creating a Strong Password

Here's how to quickly create a strong password: make it long, complex, unique, and secret!

Long

The longer the password, the stronger it is. NYU IT recommends your password be at least 14 characters long. Try making a passphrase (based on a whole sentence, rather than just a word) that consists of several words or parts of words.

Complex

Be sure to vary character use when creating a secure password by alternating between lowercase and uppercase letters, numbers, and special characters.

Unique

Pick a password you've never used but that is easy for you to remember. An inside joke or a personal saying can be an easy trick for you to keep track. Just no famous phrases, birthdays, pet names, or song lyrics. Remember, no "password," "qwerty," or "123456789"!

Secret

Never tell anyone your password and never write it down in an easily-accessible place, such as the notes app on your phone. Avoid sending passwords via email or SMS, posting potential clues on social media, or re-using a password that's already been hacked.

• Use at least 14 characters
  
• Vary with uppercase letters, numbers, and special characters
  
• Create a passphrase of several words to be super secure
  
• Change it at least once a year, or more often (90 days) for specialty and high-security accounts
  
• Reset if you think it's been compromised (like after using a public computer)
  
• Keep it secret! Don't share it with friends, family, or roommates
  
• Remember to use MFA for a second level of account protection
• Use a password generator like LastPass or 1Password to create strong passwords automatically
  

• Don't reuse previous passwords or use the same one for more than one account
• Don’t use variations of your old passwords
  
• Don't use your NYU NetID or N-Number, first or last name, or the names of friends or fictional characters
• Don't use your birthdate or any other easily guessed numbers
  
• Don't use keyboard patterns (like qwerty)
  
• Never tell anyone your password, write it on a sticky note, email it, or post it on social media
  
• Don't allow your internet browser to remember passwords
  
• Never leave your computer unlocked or unattended

Check out the ServiceLink article on password requirements and security tips.
Visit the NYU NetID and Password page to learn how to reset your NetID password.
See the NYU Policy on Responsible Use of NYU Computers and Data, scroll down to Passwords in the Specifications, NYU Computer Security section.

Avoid Less Secure Passwords

Common knowledge
Avoid using information that is easy-to-find online or posted on social media as the basis for your passwords or answers to security questions. Your answers don't even have to be truthful; just something you'll remember!

Not secret
Never tell anyone your password information. This means not telling friends, never emailing it, and never leaving it on a nearby sticky note.

Remember, NYU and most other institutions (like your bank) will never ask you for your password.

Already hacked
The least secure password is one that was already hacked! Never use a password for more than one account. 

Too Many Passwords? Try a Password Manager

Strong passwords are important, but they can become hard to remember! Try a password manager, which stores all your login information in one digital vault, protected by a unique passphrase. Password managers can even generate secure passwords for you.

Avoid saving your passwords to your browser. Instead, choose a well-known and trusted password manager.