
Password Security

Your account is your identity, and your password is the key that gives you access to your data. Keeping your account and password secure is important, because anyone who has your password will have access to everything that you do, or can abuse the account to spread spam and viruses.

  • Choose a long, complex password

    There are two popular approaches to creating a strong yet memorable password: sentence contraction and passphrases. In both cases, the key to password strength is length.

    Method 1: Sentence Contraction

    • STEP 1: Compose a memorable sentence
      "When I was six I went skiing and broke my leg"
    • STEP 2: Contract the sentence, while adding random mutations and/or numbers
      "WhIw6Skii&BML" (13 characters, takes 4 million years to crack!)

    Method 2: Passphrase

    • STEP 1: Choose 4 random words from a dictionary (the larger the dictionary, the better)
      "sentence credits raid flaky"
    • STEP 2: Add random mutations and/or numbers
      "sentence creDits raid flaky" (27 characters, takes 700 years to crack, even with a passphrase cracker)
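The two methods above, and the random password generation a password manager performs, all come down to one quantity: how many equally likely choices an attacker has to try. As an added example (not part of the University's guidance), the Python below generates passphrases and random passwords with the `secrets` module and computes the entropy in bits that each choice yields, which is why a larger dictionary and more words beat a short "clever" password. The word list is a small constructed sample; a real generator would load a large dictionary such as the 7,776-word EFF list, and that figure is used only as a parameter here.

```python
import math
import secrets
import string

# Constructed sample word list standing in for a real dictionary. Entropy per word
# is log2(dictionary size), so a 16-word list is far too small for real use.
SAMPLE_WORDS = [
    "sentence", "credits", "raid", "flaky", "lantern", "orbit", "velvet", "glacier",
    "pepper", "harbor", "quilt", "meadow", "copper", "tundra", "saddle", "ember",
]

# Printable ASCII minus space: the alphabet a password manager typically draws from.
PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def passphrase_entropy_bits(dictionary_size: int, word_count: int) -> float:
    """Bits of entropy when each word is picked uniformly at random from the dictionary."""
    return word_count * math.log2(dictionary_size)


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy for a password of `length` uniformly random symbols."""
    return length * math.log2(alphabet_size)


def generate_passphrase(words, word_count: int = 4, separator: str = " ") -> str:
    """Method 2, step 1: pick words with a cryptographically secure RNG, never random.choice."""
    return separator.join(secrets.choice(words) for _ in range(word_count))


def add_random_mutations(passphrase: str) -> str:
    """Method 2, step 2: capitalise one random letter and insert one random digit.

    Mutations only add entropy if they are chosen randomly; a predictable rule
    (always capitalise the first letter, always append "1") adds almost nothing.
    """
    chars = list(passphrase)
    letter_positions = [i for i, c in enumerate(chars) if c.isalpha()]
    if letter_positions:
        i = secrets.choice(letter_positions)
        chars[i] = chars[i].upper()
    pos = secrets.randbelow(len(chars) + 1)
    chars.insert(pos, secrets.choice(string.digits))
    return "".join(chars)


def generate_random_password(length: int = 20, alphabet: str = PASSWORD_ALPHABET) -> str:
    """What a password manager's generator does: uniform symbols from a large alphabet."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS)
    print("passphrase:", add_random_mutations(phrase))
    print("4 words from a 7776-word list: %.1f bits" % passphrase_entropy_bits(7776, 4))
    print("random 20-char password:", generate_random_password())
    print("20 chars from %d symbols: %.1f bits" % (len(PASSWORD_ALPHABET), password_entropy_bits(20, 94)))
```

The entropy figures explain the page's advice: four words from a 7,776-word list give about 51.7 bits, and each extra word adds another 12.9 bits, whereas the same length spent on a dictionary word with a digit tacked on is guessed by a passphrase cracker almost immediately.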
  • Avoid bad password practices

    The strength of your password can be further increased by avoiding these common mistakes:

    1. Avoid making only minor changes to your password when it requires changing

      Some people increment a number at the end of their password each time it requires changing. For instance,

      mittens01
      mittens02
      mittens03

      This practice significantly decreases the security of your passwords and should be avoided. Should a hacker ever gain access to any of your previous passwords, it won’t take them long to work out your current password!

    2. Avoid using information that’s easily obtained about you

      The advent of social media has made personal information more accessible than ever before. Information previously considered private (birth dates, pet names, phone numbers, etc.) is now readily available to anyone willing to look for it.

      The following statistics show which information is most commonly shared on Facebook:

      [Figure: statistics on which personal information is most commonly shared on Facebook. Source: Trendmicro]

      Using (easily obtained) personal information in your password should be avoided.

    3. Avoid the top commonly used passwords

      Years of data breaches have given us insight into thousands of commonly-used passwords. Malicious hackers use such a dictionary of common passwords as an effective tool for cracking passwords quickly. We must avoid these at all costs!

      Refer to this Wikipedia article for the list of the most common passwords in the last few years.

    4. Avoid re-using passwords across different services

      Data breaches happen even to large companies like Google, Yahoo!, and Dropbox. When malicious hackers get their hands on a bunch of usernames and passwords, what do they do? They try them on OTHER services to see if the same credentials are used. This is why it's very important that you choose a unique password for each service, and in particular, do NOT re-use your University password for other internet services.

    5. Don't share your password and avoid writing it down

      Your password is yours and yours alone. Never disclose your password, even to friends or family. Also avoid writing it down on post-it notes and avoid typing your password in front of others.

  • Use a password manager

    Password managers such as LastPass and 1Password are fantastic tools that EVERYONE should use. Here are some merits:

    • You only need to ever remember one password--the password to your vault.
    • The password manager can generate random passwords and store them securely.
    • Auto-fills your login credentials in websites requiring authentication.
    • Performs a "health check" on your passwords and highlights weaknesses.
    • Helps to detect fake login sites.

  • Use two-factor authentication

    "Single factor" authentication relies on your username and password. Once your password is stolen, you are exposed to unauthorised access. Two-factor authentication, or 2FA for short, relies on two pieces of information for authentication: something you know (your password), and something you have (typically a trust mobile phone or a hardware token). Many popular services like Gmail, iTunes Store, and online banks offer two-factor authentication. The University of Adelaide also requires two-factor authentication for VPN remote access (see here for details).

    You should opt-in to use two-factor authentication whenever possible as it is a very effective way to prevent identity theft.
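The "something you have" factor in most phone-app 2FA is a time-based one-time password (TOTP, RFC 6238): the phone and the server share a secret, and each 30-second window yields a fresh six- or eight-digit code that a stolen password alone cannot produce. As an added example (not the University's VPN implementation or any vendor's code), the Python below implements both halves with only the standard library: the phone side that derives the code, and the server side that verifies it with a small tolerance for clock drift and a constant-time comparison. The RFC 6238 reference key and time values are used so the output can be checked against the published test vectors; the secret generator and window size are ordinary choices, not anything taken from the page.

```python
import base64
import hashlib
import hmac
import secrets
import struct


def generate_totp_secret(num_bytes: int = 20) -> str:
    """Enrolment: a fresh shared secret, base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(num_bytes)).decode("ascii")


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """Phone side (RFC 6238): the counter is the number of `step`-second windows since the epoch."""
    return hotp(key, at_time // step, digits)


def verify_totp(key: bytes, submitted: str, at_time: int, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server side: accept the code for the current window or `window` steps either side.

    hmac.compare_digest keeps the comparison constant-time. A production server must
    also remember which counter values it has already accepted so a code cannot be
    replayed within its window, and must rate-limit attempts.
    """
    counter = at_time // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, counter + delta, digits), submitted):
            return True
    return False


# RFC 6238 Appendix B reference key (ASCII "12345678901234567890"), used for the test vectors.
RFC6238_KEY = b"12345678901234567890"


if __name__ == "__main__":
    print("new secret for enrolment:", generate_totp_secret())
    print("RFC 6238 vector, T=59, 8 digits:", totp(RFC6238_KEY, 59, digits=8))  # 94287082
    print("accepted 30 s later:", verify_totp(RFC6238_KEY, "94287082", 89, digits=8))
```

A password alone does not let an attacker run `totp()`: they would also need the shared secret, which lives on the phone and on the server and never crosses the login form, which is what makes the second factor effective against stolen passwords.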

  • Register your email addresses with "Have I Been Pwned"

    Have I Been Pwned is a free service that can tell you if your email address has been involved in past known data breaches. You can also register your email address and be notified when data breaches of services/accounts associated with your email become public.

 

Information Technology and Digital Services
