Password Do's and Don'ts

Follow these password do's and don'ts to help protect your data and your identity.

Password Do's Password Don'ts
  • DO pick a password you will remember
  • DO change your password regularly
  • DO use a mix of uppercase and lowercase characters.
  • DO use punctuation marks and special characters such as #, $, %.
  • DO choose a line or two from a song or poem and use the first letter of each word, preceded or followed by a digit. (e.g "Do you know the way to San Jose?" becomes the password DYKtwTSJ?).
  • DO use a password that you can type quickly without having to look at your keyboard. This makes it harder for someone to notice your password if they happen to be watching over your shoulder.
  • DO use a password with 8 or more characters. More is better.
  • DO create different passwords for different accounts and applications.
  • DON'T write your password down.
  • DON'T make obvious choices like your last name, first name, nickname, birthdate, spouse name, pet name, make/model of car, or favorite expression.
  • DON'T choose your username as your password.
  • DON'T share your password with anyone. Once it is out of your control, so is your security.
  • DON'T use a word contained in English or foreign language dictionaries, spelling lists or commonly digitized texts such as the Bible or an encyclopedia.
  • DON'T use an alphabet sequence (lmnopqrst), a number sequence (12345678) or a keyboard sequence (qwertyuop).
  • DON'T use a password shorter than six (6) characters.
  • DON'T use a word spelled backwards.
  • DON'T use a password of all digits, or all the same letter.
  • DON'T use the same password for more than one system or web site.
  • DON’T Use numbers in place of letters. For example, “Password” becomes “Pa55w0rd.” Dictionary programs are also equipped to combat this technique.
  • DON’T Use dates to create a password (for example, AUguST2001).
  • DON’T Re-use any of your last 10 passwords.
  • DON’T Provide your password—or any of your sensitive or confidential information—over e-mail or instant message. Think of an e-mail message or IM like a postcard. The information can be seen while it’s traversing the Internet. Also, once you send an e-mail, you no longer control the information in it. It can be forwarded to other people without your knowledge or consent.
  • DON’T Use sample passwords given on different Web sites, including this one.