UNLV logo


Passwords are often the only thing keeping other people from accessing your accounts. Follow these best practices to be as secure as you can be.

Best Practices

  • Make passwords with at least 10 characters or more
  • Use at least three types of characters: uppercase or lowercase letters, numbers, and special characters like !@#$%^
  • Don’t use words you could find in a dictionary or common phrases/combinations 
  • Don’t write down your passwords (consider using a password manager to keep track instead)
  • Don’t share your passwords with anyone 
  • Use unique passwords on different sites/systems

Longer is stronger

Most systems require you to make a password that is at least eight characters. If you can make your password longer, it will become more secure with each additional character you add. Try to create passwords with at least ten characters whenever possible. 

Complexity is key

Long passwords are the first step to keeping you safe, but dictionary words, common combinations of letters or numbers (e.g., password1, 123456), or common phrases(e.g., letmein) can be figured out by a computer in less than a second.

Make your long password more secure by using a mix of:

  • uppercase and lowercase letters
  • numbers
  • special characters (e.g., ! @ # $ %)

You might think that substituting symbols in dictionary words, like changing “password” to “pa$$w0rd,” makes them stronger, but they are still easy for hackers to break. Try one of the following techniques for making a strong passwords to find one that works best for you.

A passphrase typically contains multiple words. For example, your passphrase might be “i want to go skiing at brianhead.” To add complexity, you should use uppercase and lowercase letters, numbers, and special characters to make “I want 2 go skiing @ Brianhead!” This passphrase meets all the requirements of a strong password but is easy to remember as well. At 25 characters, it would take an incredibly long time for a computer to crack. However, since it does have a lot of characters, some systems won’t be able to accept it.

Shortened Passphrases
Instead of using a full passphrase, you might take a part of each word from the passphrase to make your password. You may turn “I want 2 go skiing @ Brianhead!” into “Iw2gs@Bh!” This password still meets strength requirements and is easy to remember without being too long for some systems to accept.

Password Managers
A password manager can quickly generate and store very secure passwords for you. Since they are randomly generated and long, they are very secure. You’ll still need to create (and remember) at least one very strong password for your password manager, however. 

Keep it safe

Protect your passwords like you protect your social security number. Don’t write them down and don’t share it with anyone. If someone does something malicious with your account (intentional or not), you’ll be the one dealing with the aftermath. Secure password managers are a great way to protect yourself while still making it easy to log in when you need to.

Remember, most companies, including UNLV, will never ask you for your password. If someone does, they’re probably trying to phish you.

Recycling: Not great for passwords

You’ve created a really strong password using all the tips above and committed it to memory. Why not use it on every site you visit?

Because if you’ve used the same information on other pages, a hacker just needs to break into a weaker site and get your information. They can then use it to break into any other site that use the same information, which may give them something more valuable. The best thing you can do is to use a unique, strong password with every account you have. A secure password manager can help.

Change your password regularly

The older your password is, the more likely it is that it has somehow been compromised. To protect yourself, change passwords regularly. Consider changing your password more frequently for “high risk” accounts that would be very damaging if compromised, like banking or tax accounts.

Two-factor authentication

Many websites now offer two-factor authentication. This means you enter your password once on the website, but you’ll also get a text message, email, or use a random code generator app to get a special code to enter for extra verification. 

You can set up two-factor authentication for many services, including Dropbox and Facebook. It might make it harder for you to sign in to your own accounts at times, but if someone does try to break in, you’ll be glad you had it set up.
Related policies: