General password guidelines IT and Library Services

Using a weak password that can be easily guessed is not a sensible move. Remember, there are many applications that can generate and test millions of passwords per hour. Even strong passwords are not infallible, but they make things as difficult as possible for a hacker.

You can find more information on your University of Greenwich password construction and changing passwords here. For a visual representation of password strength, see The Password Meter.

Please do NOT use the ¬, | , £, €, & or # signs as several older University systems cannot currently support them in passwords. 

What makes a good password?

A good password should be easy to remember but must be difficult to guess:

  • Do not make the password the same as your account name.
  • Do not use your surname or any of your forenames as a password.
  • Do not use the names of your boy or girlfriend, relative, dog, cat, budgie …
  • Do not use your car registration number – even an old one!
  • Do not use your address.
  • Do not use any word found in a dictionary (nor plurals) even with a numeral on the end.

Your Password and how you currently use it.

Is your password weak and easy to hack? Do you use strong passwords?

  • Do you write your passwords down or store them on your PC in plain text, such as in Notepad or Word?
  • Do you select 'Yes' when applications ask you if you want them to remember your passwords for you?
  • Do you tell anyone (including your partner, flatmate or best friend) what your passwords are? (It could be a very good idea to change your password if you change your partner.)
  • Do you select the same password for every account?
  • Do you use your University password for non-University accounts?
  • Do you use easy to guess words, such as your pet's name, mother's name, partner's name, etc?
  • Do you use phone numbers, pin numbers, student number, staff payroll number, etc?
  • Do you use commonly-known acronyms or patterns, such as, uog, abcde, qwerty or 12345 or words that are found in dictionaries?

If you answer 'yes' to even one of the above questions you are giving an open invitation to hackers or bots to access your password-protected accounts and are making yourself a target for identity theft. Remember that you should never divulge your University of Greenwich passwords or use them for non-University accounts.

A Good Password: Construction and Usage Suggestions.

  • Make the password at least eight characters long
  • Whenever permitted, include a mix of upper case letters, lower case letters, numbers and special characters, eg. ! , . = < > ' " : ; ? / { } [ ] ~ - \ ( ) _ + $ % ^ * @ 
  • Make it easy for you to remember, but impossible for anyone else to guess
  • Change the password at regular intervals
  • Use specialist software, such as Password Safe, to prevent writing passwords down or storing them on your computer in unencrypted form
  • If an application asks you if you want it to remember your password for you, just say no

If you are doing all of the above, then you are using strong passwords and doing your best to prevent hackers from accessing your password-protected accounts- well done!