Having a strong password can help keep you safe when protecting your account from attackers. In this article we will discuss how to create long, strong, and unique passwords.
Passwords and Passphrases?
Passwords
A password is a group of characters that lets you access a system or service, like a computer, website, or application. It's an important way to keep corporate and personal data, accounts, and sensitive information safe. Passwords usually include a mix of letters, numbers, and symbols, and they can vary in length depending on the system's rules.
- Avoid using predictable patterns for your passwords:
- “123456@NSCC”, “$password1234”, “letmein2025!”, "N$1234567890"
- “abc123def456” or “1q2w3e4r5t6y!” or other combinations of close keys or patterns on a keyboard
- Adding a symbol or number to the end of an otherwise weak password
- Do not use words that may be easily guessed by someone who knows you or can see your social media:
- "23HarleyDavidson!" or "March251983^" "LucyLabradoodle2012"
- Do not use common expressions, song titles or lyrics, movie titles, or quotes.
A strong password is long, complex, and unique, here is an example of a strong password:
This password is strong because:
- It uses uppercase and lowercase letters (T, R, l, o, etc.)
- It includes numbers (9, 0, 3075)
- It has special characters (!, $)
- It’s not a real word or name, which makes it harder to guess
- It should be only used for one system or service
Passphrases
A passphrase is like a longer password, usually made up of several words and includes spaces or symbols between them. Because it’s longer and complex, it is harder for hackers to break. Unlike short, random passwords, passphrases are also easier to remember. Passphrases don’t need to be proper sentences, so using unusual or random word combinations can make them even stronger.
You can use a passphrase as your password - try combining multiple words with a number and a symbol:
- Items in your office: Hat, Couch, Window, 3 Pens: "Hat-Couch-Window-3Pens"
- Fruit on your counter: 3 Apples, 5 Bananas, 1 Pear, 2 Kiwis: "3Apples+5Bananas+1Pear+2Kiwis"
- Actors in Marvel Movies: Robert Downey Jr., Scarlett Johansson, Chris Evans, Chris Hemsworth, Chris Pratt, Cobie Smulders: "Robert#Scarlett#Chris3#Cobie"
Or use a passphrase to remember a secure password by using the first letter from each word in a unique a sentence:
- "In high school I ranked number 1 in competitive chess 3 years in a row!" becomes "IhsIrn1icc3yiar!"
- "I have been teaching at the NSCC for 16 years, only 8 more to go until retirement." becomes "IhbtatNf16y,o8mtgur."
Other Things to Consider
While the NSCC has a minimum password length of 12, length is strength, so use the tips above to create longer, easier to remember passwords.
Uniqueness matters! Password reuse leads to account breaches, so do not use the same password on multiple sites or repeated patterns in your passwords. Using a password manager makes having long, complex, and unique passwords for every account easier, for a list of password managers, please see the next section.
Banned Words
Both Microsoft and the NSCC curate lists of words and character combinations that are considered insecure to use - if your password contains these words/character combinations then you will receive an error when trying to set it. Microsoft does not publish their list, but the ones the NSCC includes are:
- The campus names
- 4 digit years [2025, 1968, etc.]
- Towns/city names where a campus or learning center is located
- "NSCC" [or variants of it]
Additional Security Tips
Enable MFA on all of Your Accounts
Multifactor Authentication is used to make sure you are who you say you are by requiring two or more pieces of evidence that prove your identity. This evidence is known as a factor, and the requirement of a second factor greatly increases the security of your account. To learn more about MFA, click here.
Use a Password Manager
Remembering all of your unique, long and complex passwords can be hard. Password managers make it easier and safer to handle your passwords, by storing them in a secure vault, accessible across your browsers, computers and mobile devices. The NSCC does not recommend any particular password manager, but here is a list of popular ones: