Secure passwords should:
- be unique among different accounts and different websites
- contain both upper and lower case characters (e.g., a-z, A-Z),
- contain digits and punctuation characters (e.g., 0-9,!@#$%^&*),
- be at least eight alphanumeric characters long, and
- not be a common usage word such as:
- a word found in a dictionary
- slang, dialect, jargon, etc.,
- names of family, pets, friends, co-workers, fantasy characters, etc.,
- computer terms and names, commands, sites, companies, hardware, software, etc.,
- “VLS”, “Villanova”, “Nova”, or any derivation thereof,
- personal information such as birthdays, addresses, pet names, phone numbers, etc.,
- word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.,
- any of the above spelled backwards, or
- any of the above preceded or followed by a digit (e.g., secret1, 1secret).
In order to protect your passwords:
- Do not write passwords down or store them online without encryption.
- Create passwords that can be easily remembered. One way to do this is create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: “This May Be One Way To Remember” and the password could be: “TmB1w2R!” or “Tmb1W>r~” or some other variation.
- Do not use passwords from non-University accounts.
- Where possible, do not use the same password for each Law School/University account.
- Do not share University passwords with anyone, including friends, administrative assistants, secretaries, supervisors, family members, co-workers while on vacation, unless part of cross training planning and emergency policy.
- Do not reveal a password over the phone or in an email to anyone.
- Do not talk about a password in front of others or hint at the format of a password.
- Do not reveal a password on questionnaires or security forms.
- If someone demands a password, refer them to your department head.
- Avoid storing passwords within applications or using the “Remember Password” feature, unless the application properly secures the password through commonly-accepted methods such as encryption.
If you have any questions regarding password security, please contact a member of Academic Computing.