Hogeschool van Amsterdam

Tips for creating a secure password

Use a unique, strong password for your AUAS ID. Change your AUAS ID password at least once a year. Never share your password with anyone.

Unique and strong

Unique means that you use this password for your AUAS ID only and not for any other web services; strong means that the password meets the following criteria:

  • It contains at least 8 and no more than 16 characters.
  • It contains at least 1 upper case letter.
  • It contains at least 1 lower case letter.
  • It contains at least 1 number.
  • It contains at least 1 of the following special symbols:
    ~ ! @ # $ % ^ & * ( ) _ + = - ` { } [ ] | : ; ' , . ? /
  • It does not contain your AUAS ID, first name or surname.
  • It is not the same as any of your previous passwords.
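
The criteria above written as a checker, as an added example (not AUAS code). The function names, the case-insensitive match on ID and names, the PBKDF2 storage of previous passwords and the sample user are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Symbol set copied from the criteria list above.
SPECIAL = set("~!@#$%^&*()_+=-`{}[]|:;',.?/")
ITERATIONS = 600_000  # assumed work factor, not taken from the page


def hash_password(password, salt=None):
    """Return (salt, digest) so password history is never kept in plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def policy_violations(password, auas_id, first_name, surname, history=()):
    """Return the list of criteria that the candidate password fails."""
    problems = []
    if not 8 <= len(password) <= 16:
        problems.append("length must be 8-16 characters")
    if not any(c.isupper() for c in password):
        problems.append("needs an upper case letter")
    if not any(c.islower() for c in password):
        problems.append("needs a lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in SPECIAL for c in password):
        problems.append("needs a special symbol")
    # Assumption: ID and names are matched case-insensitively.
    lowered = password.casefold()
    if any(t and t.casefold() in lowered for t in (auas_id, first_name, surname)):
        problems.append("contains AUAS ID or name")
    for salt, digest in history:
        # Re-hash with the stored salt and compare in constant time.
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("matches a previous password")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample user and history, for demonstration only.
    history = [hash_password("Old#Passw0rd")]
    print(policy_violations("xJansen#2024", "jansej01", "Jan", "Jansen", history))
```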

Why should you change your AUAS ID password at least once a year?

With internet and open WiFi, more and more AUAS systems and services are now accessible from home, the train, cafés, etc. In these situations, there is a higher risk that someone with malicious intent can discover your password (by shoulder surfing or over an unsecured connection) and then use your digital identity to access and even make changes to important organisational information. Even within the AUAS, passwords can sometimes end up in the wrong (unauthorised) hands. Therefore, change your password at least once a year and never share it with anyone else.

Have trouble remembering your passwords?

Use a password manager and the tips below to keep track of all your passwords.

Password manager

A password manager is a digital safe in which you store all your passwords so you only need to remember one strong master password. Password managers are available as computer and laptop software, tablet and smartphone apps and web applications. A few good ones are: LastPass, Dashlane and Sticky Password.

Tips for creating a password

Coming up with a good password can be tricky. It has to be difficult to crack, but also easy for you to remember. The following tips can help:

  • Replace some letters with other characters. You can swap a 3 for an E, a 0 for an O, a 4 for an A, etc. However, because hackers sometimes include these obvious replacements in their scripts, using non-standard replacements makes for a stronger password. For example, replace O with ().
  • Use a combination of two (or more) unrelated words. If you separate the two words with a symbol and also replace some letters as shown above, you'll have a strong password that is easier to remember. For example 'Cat and Computer' could be 'C4t#C()mPut3R'.
  • Come up with a sentence that is easy for you to remember and then condense it into eight characters. The sentence 'Have you got a club card, ma'am?' could then be 'hygaccm?'. If you then replace a letter with a number and put some letters in upper case, this could become 'hYg4((.M?'.
    A long sentence containing 16 characters or more is also very strong, provided you include a few special characters.
  • Add two letters to create different site-specific passwords. While it's essential not to use the same password for every single website, it's also hard to keep track of fifty different passwords. A good trick is to add an additional letter to the beginning and end of your strong password that refers to the particular website. For Facebook, for example, you can turn the above password into 'fhYg4((.M?k'.

Note that the passwords mentioned here are intended to serve as examples only and should not be used verbatim. Instead, use the tips to come up with your own strong password. Combining them will make your password extra strong.  

  • Create categories for important and less important accounts. Protecting your email is more important than something like a hobby newsletter subscription. Group your passwords into three categories: very important (confidential), important and less important. The more confidential the data, the stronger your password needs to be.  
  • Use different passwords for your work and private accounts. That way, if cyber criminals ever obtain your private password, they won't also automatically have access to all your other accounts, such as your AUAS account.

Published by ICT Services, 26 July 2017