CU Home Help
Columbia University Information Technology
 Service Alerts
 CUIT Service Catalog
 Get Help Now
 Manage My UNI
 Services Overview
 Network Overview
 Labs & Classrooms
 Network Use Policy
 About CUIT
 CUIT Home

E-mail & Computing
Using Strong Passwords

Use strong passwords everywhere.

No matter how many walls are placed around your machine, there is always a key for complete access: your password. There are countless programs that attempt to determine passwords, both by guessing common ones and by randomly generating possibilities and trying them all, or a combination of the two.

The best defense is a "strong password". A strong password is a combination of numbers, uppercase letters, lowercase letters, and, if possible, other characters. This makes the password nearly impossible to guess in a reasonable amount of time, and ensures that all the hard work you put into keeping your machine well-defended does not go to waste. The longer the password, the harder it is to guess.

Of course, as passwords get closer to random numbers and letters, they also get harder to remember. That doesn't mean that you have to fall back on a weaker password, though. You can m15peLL w0Rdz intentionally, or use a mnemonic device like a strong passphrase. Be sure to read the Microsoft article below for some very useful advice on this subject.

Always be sure to change your password if you think that there's a chance that someone else has seen it.

Guidelines for Creating Strong Passwords

What is a Strong Password?

A strong password is designed to be complex and therefore difficult to guess or crack. To be sufficiently complex, it must:

  • be 8 characters or longer,
  • use a combination of upper and lower case letters, and
  • include at least one numeric and/or special character (&, ?, @, etc.), punctuation, and spaces.

A pass-phrase or sentence is a very secure way of creating passwords that are both hard for others to crack and easy to remember by you.

Other Important Password-Related Guidelines

  • Your account is your responsibility. Do not share your password with others, including technicians. CUIT staff will never ask for your password.
  • Do not base your password on personal information that someone who knows you may be able to guess.
  • Do not use your user ID (UNI) or your name/department name as your password
  • Do not use your University ID (UNI) and password for access to third-party systems (e.g., online shopping, newspapers, travel websites)
  • Avoid letting software save or store your passwords. Besides increasing the chance that someone will be able to access data on your computer or personal information, you are more likely to forget the password if you do not type it in regularly.
  • Make sure you always log out of programs or web sites and close browser when you are done working with them, especially on public computers.
  • Protect your passwords and treat them as valuables.

Protecting Your Password

Choosing a Windows Password

Choosing an OS X Password

Managing Your Columbia UNI and Password

Microsoft's Guide to Creating Stronger Passwords

To reach this page quickly in the future, use the keyword passwords.

Reporting Security Problems

Send reports of security incidents, attacks, or questions to