Documentation

Strong passwords

Created by Karla LeFevre, last modified on 2021-07-26

A strong password is the first line of defense for an individual computer user's account. Follow these guidelines to keep your account and NCAR computers secure.

Page contents

Creating a strong password

You can generally create strong, memorable passwords or passphrases by building acronyms from a phrase or sentence or stringing multiple random words together with both uppercase and lowercase letters. Mix symbols and numbers inside the words, not just between them or at the ends.

Longer is stronger, so the preference is to use more characters rather than more symbols.

Good passwords should:

  • Be memorized or stored in an approved password manager application*.
  • Be at least nine (9) characters long.
  • Contain both upper-case and lower-case characters.
  • Contain numbers.
  • Contain other keyboard characters such as !, *, and @.

Good passwords do not contain:

  • A dictionary word in any language.
  • Personally identifiable information such as a name, a login name, part of an email address, a phone number, a date of birth, a license plate, a Social Security number, or similar data.
  • Any of the above spelled backwards.
  • Any of the above with numbers exchanged for letters or vice versa.
  • Any of the above with numbers or special characters appended or prepended.

For example, the following are equally ineffective:

  • hello
  • 43110
  • HeLlO
  • olleh
  • hello!
  • ?hello?

Hackers are well aware of all these tricks and can easily break such passwords.

Protecting your password

Keep your password private. Use a password manager if possible. Written password hints should be secured from view. For example, do not write a password or hint on a white board, especially where it can be seen by a webcam.

Also:

  • Do not use Microsoft Office, Google Apps, or similar applications to store passwords even if they have a password protection feature.
  • Do not use your browser to store logins and passwords.


* NCAR/UCAR staff members can use the Staff Support portal to request installation of an approved password manager application. University users should check with their own system administrators.


© 2024 UCAR
Postal Address: P.O. Box 3000, Boulder, CO 80307-3000 Shipping Address: 3090 Center Green Drive, Boulder, CO 80301
National Science Foundation
This material is based upon work supported by the National Center for Atmospheric Research, a major facility sponsored by National Science Foundation and managed by the University Corporation for Atmospheric Research. Any opinions, findings and conclusions or recommendations expressed in this material do not necessarily reflect the views of the National Science Foundation.