The definitive guide to getting your passwords right

by Elizabeth Jenike, IT Services

No Cyber Security Awareness Month can (or should) pass without mention of password strength and the importance of setting secure, unique passwords on all online accounts. What constitutes a “good” password? How can you keep all your accounts straight?

Be unique

How-to Geek contributor Chris Hoffman wrote that the “traditional” advice for password generation is still very much a good idea: Use more than 12 characters, add numbers and special characters (such as exclamation points, carets, and money signs), and try to stay away from using words that can be found in your standard Merriam-Webster dictionary.

Be smart

Here are some easy ‘don’ts’ when creating passwords:

  • Don’t physically post your code on or around your monitor.
  • Don’t tell anyone your password.
  • Don’t use the same password for more than one account.

Create a passphrase

A passphrase is a longer, more complicated password—essentially, your very own encryption key. Throwing together some seemingly random words, with special characters in the mix, will create a stronger code than just using one-word passwords.

Of course, nothing is completely random when it comes to the human mind. Patterns emerge regardless of how carefully language is chosen. To combat this, The Intercept contributor Micah Lee outlined a technique designed to create entropy (or randomness) in passphrases. Essentially, it entails rolling six-sided dice and attributing words to numbers rolled by consulting a guide called “the Diceware word list.” One example given is that the numbers 24464 created the word ‘epoch.’ So by rolling dice, you can completely randomize your passphrase and keep hackers out of your business.

Use a password manager

White text on red background that says 'Keep Calm and Change Your Password'

According to Security Magazine, a 2017 report from LastPass found that the average business employee has to remember 191 passwords. What’s more, 61 percent of people use the same or similar password in all of their online accounts. You already know what’s wrong with that: You should never use the same password for more than one account. That just makes it easier for hackers to gain access to your personal information (PI) if they figure out your code.

This illustrates the importance of using a password manager like LastPass, Dashlane, or KeePass. Use the above tips to create a strong password or passphrase in the management app of choice—and voila! You only have to remember one password from here on out. These password management apps offer a safe, easy way to secure your accounts—all 191 of them.

If you have questions about passwords or about information security in general, get in touch with our Security, Compliance, and Risk Management team at

Stronger password, longer lifetime with Duo

When our new two-factor authentication solution, Duo Security, goes live on December 19, new password rules will go into effect as well. Right now, if you set your MUnet password with the strongest settings—with special characters, capital letters, and numbers—you will have to change your password once per year. With Duo, we are changing that requirement to once every five years (with the same strength restrictions). This means that students who graduate within five years will most likely never have to change their passwords.