One Step Ahead: Creating, Securing, and Using Strong Passwords

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

A strong password plays a critical role in securing both your work-related and personal accounts. Here are some pointers: 

Make it unguessable. It is important to create a complex password rather than a simple one, using a mixture of upper- and lower-case letters, numbers, and special characters. The greater the length, the better.

  • Avoid using common words, parts of the account username, or names/dates associated with you and your loved ones.
  • Try to create passwords that are meaningful to you but not easily guessable or discoverable by others.
  • Consider using a passphrase. A passphrase is long, and you can easily include upper- and lower-case letters, special characters, and numbers. Use a passphrase meaningful to you, e.g., “Walk my big dog daily @6am”.

Add extra security. If your account supports additional security features, you should implement those features as well. When using your PennKey, Two-Step Verification should be turned on, and is mandatory for most PennKey accounts. Additionally, Schools and Centers may require Two-Step Verification for other accounts, such as email. Many other commercial accounts (such as Google/Gmail, Apple, Android, and Yahoo) support the use of an extra layer of verification as well.

Don’t recycle! The Office of Information Security recommends not reusing passwords between accounts; if one username/password combination is compromised, hackers often try any username/password combinations they acquire on other accounts to see if they work there as well. In particular, your PennKey password should only be used for your PennKey account.

Get a vault. Once you have created a complex, unique password or passphrase that is not reused across multiple sites, you can further protect it by storing it in a password “management system” or “vault.” Password management systems like LastPass (available for Penn faculty, staff, and students) are designed to store your passwords and to automatically generate complex passwords for you.

PennKey password rules: https://pennkeysupport.upenn.edu/password-guidelines

How to construct secure, complex passwords: https://youtu.be/jeC_KzgPNk0

Two-Step Verification: https://www.isc.upenn.edu/how-to/two-step-verification-getting-started

LastPass: https://www.isc.upenn.edu/how-to/lastpass