Technology

Guidance for Setting Strong Passwords

Last modified 12/3/2024

Passwords are a critical aspect of computer security. Strong passwords are the front line of protection for user accounts.

A strong password is hard to guess and includes a combination of letters (uppercase and lowercase), numbers, and special characters. A weak password is easy to guess and is vulnerable to exploitation (e.g., password123).

Passwords Requirements

Password requirements for Illinois State are located in the password procedures document on the University’s Policies & Procedures page. They outline the minimum standards that are required in the password creation process.

Strong Password Practices

A strong password offers more protection than a weak password. Use the practices below to create a strong password.

  • Choose a mix of letters, numbers, and special characters (!, @, #, $, %, etc...)
  • Consider choosing a passphrase
  • Change your password every 6 months
  • Ensure your passwords are 10 or more characters 
  • Use a password manager

Weak Password Practices

Here are some common weaker password practices that should be avoided when possible.

  • Sharing passwords between different accounts 
  • Using common passwords such as Password1!
  • Sharing your passwords with others
  • Writing down your passwords
  • Using public information in your passwords, such as your name or birthday

A weak password can result in:

  • Loss/exposure of highly restricted data and restricted data.
  • Compromise of your computer.
  • Compromise of the campus network.

To protect Illinois State University’s information technology resources and systems, including computers, networking systems, information and data, all users who have access to restricted or highly restricted data are responsible for setting strong passwords used to access University information technology resources and systems.

Keep Your Password Safe

It’s important to protect your password. Use the guidelines below to keep your password safe.

  • Never send your password in email or click a button in your email which takes you to a page requesting your password. Phishing emails use this tactic to try and trick you into giving your password away.
  • Do not share your password with anyone. This is a violation of University policy.
  • Do not write down your password. Create a password that you can remember.
  • If you suspect that someone might know your password or if you think your computer has been compromised, change your password immediately. 
    • For instructions on updating your password, Click Here.
  • Avoid typing your password while anyone is watching.