HOME /

Use Strong Passwords

Create passwords that are unique and hard to guess. Use 2-step verification where it is available.

A password is how you prove you are you. Technology has gotten better and better, isn't it time to improve the way you handle passwords? Read the links below to help you create a strong password, manage all your passwords in a password manager, and enable two-step verification to protect against account theft. 

Create a Strong Password

Bad - Things to Avoid

Do you use any of these as a password, or use them in combination with a single dictionary word? If so, you need to upgrade your password to something stronger.

Bad Ideas Example
Four Digit Years 19XX, 20XX, other anniversaries or famous years like 1776 or 1066
"Password" pass, password, p@$$word or any variant
Sports References footballfan, hockey, gosox
Names Pets, spouses, children, grandchildren, celebrities
Personal Information Your name, email address, phone number, or social security number
Keyboard Patterns or Sequenxces qwerty, asdf, 123456,abc123

Good - Passwords

A good password will meet the following requirements

  • An English uppercase character (A-Z)
  • An English lowercase character (a-z)
  • A number (0-9) and/or symbol (such as !#, or %)
  • Ten or more characters total.

One way to do this is to start with a word you will remember:

pamphlet

Then add elements from the criteria listed above.

pAMPh$3let

Better - Passphrases

Passphrases are longer and more complex than passwords. They are easier to remember, but more difficult to guess. 

Method A: Convert a Phrase to an Acronym

 

Choose a phrase you can remember and reduce it to the first letters of each word, working in some numbers, capitalization, and punctuation.

Mccic:Iiig,web? -> Mint chocolate chip ice cream: If it isn't  green, why even bother?

or

Ynpitg8dIeswmf -> Yosemite national park is the greatest 8 days I ever spent with my family.

Method B: Unique Phrase

 

Pick 4-5 Letters (MISL) and then make a phrase using words that start with each of those letters. Add a number or punctuation if it makes sense.

Miami!!ItSoundsLovely

or

MaybeIncludeSmallLobsters?

 

 

Best - Password Managers

The strongest passwords are created by password managers, software that generates and keeps track of complex and unique passwords for all of your accounts. All you have to remember is the password to the password manager. When choosing a password manager, choose one that supports 2-step verification.

LastPass premium is currently offered at no cost to all members of the Harvard community. Visit http://security.harvard.edu/lastpass to get it now.

Points on Passwords

Privacy, Please

Keep your passwords private and don't share them with anyone. Support services will never ask you for your password by phone or by email.

How To Manage

You have dozens of accounts, and that means you need dozens of strong passwords. Thankfully, there are applications to help you keep track of them. A password manager will help you create, use, and store passwords easily.

LastPass premium is currently offered at no cost to all members of the Harvard community. Visit http://security.harvard.edu/lastpass to get it now.

Refuse to Reuse

Using the same password for all your accounts is very risky. If your account for any service is compromised, all of your accounts are put at risk. Use a unique password for every account.

Step It Up

When you enable two-step verification, any time you use your account on a new device, an authorization code will come to your phone. Without the code, a password thief cannot take control of your account. It is the single best way to protect your account from cyber criminals. 

 

Two-step is available for most services at Harvard and beyond. Visit security.harvard.edu/twostep for Harvard services, and twofactorauth.org for everything else.