
Password Advice

Choosing a strong password not only protects your own data, but also protects others who use the department’s systems. If your account is compromised, your data will be compromised, but it could also lead to a larger problem on the system as a whole.

  • Use a password manager (see below)
  • Use two-factor authentication, if possible
  • Use secure passwords (see below)
  • Never give your password to anyone (not even the EECS IT Staff)
  • Do not use the same password on all systems (e.g., other schools, websites, computers)
  • Never use the following as part of your password:
    • Dictionary words
    • Any part of your name
    • Pets’ names
    • Any information others can look up about you

As people have more and more online accounts, keeping up with good practices like having a different password for every site or organization can become difficult or impossible. Password managers make this task much easier and many are available for free. They can automatically generate complex passwords and fill them in for you on websites and even smartphone apps. Wikipedia maintains a list of password managers. EECS IT does not endorse or recommend any specific products.

Using a password manager, you should be able to create completely random passwords. Yet even with a password manager, you may still have to remember a few passwords. Here are some techniques to help you do so. While you may have seen advice in the past that 8-character passwords are sufficient in length, we recommend a password of 10 or more characters.

Choosing characters at random can make a very strong password; however, such a password is likely to be forgotten. The best way to make a secure, seemingly random password is to use a mnemonic. This can be done by choosing a saying, song lyric, or poem verse and using the first letter of each word as one part of the password. For example, “Blue canary in the outlet by the light switch who watches over you” (from “Birdhouse in Your Soul”) could be written as:

bcitobtlswwoy

Using a little bit of clever replacement, this password can become:

BC|+0bt1swW0u

(Note: Now that this password is posted online it should never be used.)

When you are typing your password, just think about the song and you can recall all of the letters or replacements. In a short time, you will become accustomed to the password and will have little trouble remembering it.

If passwords are over 20 characters in length (also known as “pass phrases”), the restrictions can be relaxed. Thus you can use an English-language sentence such as:

Yikes! I'm writing a passphrase to log in.

This should not, however, be a quote, song lyric, poem, or anything that can be found in any standard literature. A nonsense sentence that makes sense only to you works best.
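The rules above can be checked mechanically. The following is an added example, not a tool from EECS IT or OIT: a small Python checker for the 10-character minimum, the forbidden ingredients, and the relaxation for passphrases over 20 characters. The word list, the personal terms, and the sample passwords are constructed, and it assumes that personal information stays off-limits even in a passphrase.

```python
MIN_LENGTH = 10         # the page recommends 10 or more characters
PASSPHRASE_OVER = 20    # over 20 characters, the page relaxes the restrictions
# Mnemonic examples printed on this page; a posted password must never be used.
PUBLISHED = {"bcitobtlswwoy", "BC|+0bt1swW0u"}
# Constructed stand-in for a real dictionary file (assumption).
SAMPLE_WORDS = {"password", "canary", "dragon", "summer", "welcome"}


def check_password(password, personal_terms=(), words=SAMPLE_WORDS):
    """Return a list of problems; an empty list means the advice is met."""
    problems = []
    lowered = password.lower()
    if password in PUBLISHED:
        problems.append("published example")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    # Names, pets' names and other facts people can look up. Assumption: these
    # stay forbidden even in a passphrase; very short terms are skipped.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal term: {term}")
    # Dictionary words are only flagged below passphrase length.
    if len(password) <= PASSPHRASE_OVER:
        for word in sorted(words):
            if word in lowered:
                problems.append(f"contains dictionary word: {word}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: (password, personal terms of its owner).
    samples = [
        ("canary42", []),
        ("BC|+0bt1swW0u", []),
        ("Rex-Xq7!vT2m#", ["Rex"]),
        ("Purple stapler argues with my summer socks", []),
    ]
    for pw, terms in samples:
        print(repr(pw), check_password(pw, terms) or "ok")
```

A check like this only catches the mistakes the page lists; it does not measure how guessable a password is.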

As you may know, your EECS password is linked to your UTK NetID password. Password inquiries and changes should be done through OIT. OIT has posted the following page with instructions about passwords:

Your NetID and Password - OIT