Connecticut State Colleges & Universities
IT Support Center

Information Security Education and Awareness

Password and Passphrase Security


Overview

Password security is an important part of protecting our organization's data. The current standard (ISST 10.900 Identification and Authentication) requires a password to have a minimum of 8 characters and to be strong. Changes in technology and the speed with which passwords can be cracked have led to changes in minimum password strength recommendations.

The strength of a password is measured by how effectively it resists guessing and brute-force attacks. Password complexity is one method of creating a strong password.
 
We recommend using the 10-4 Rule.

Passwords should contain a minimum of 10 characters that are composed of characters from each of these four groups:

  • Uppercase letters (e.g., A, B, C, Y, Z, etc.)
  • Lowercase letters (e.g., a, b, c, y, z, etc.)
  • Special characters (e.g., ! @, #, $, %, ^, &, etc.)
  • Numbers (e.g., 1, 2, 3, 4, 5, etc.)

For example, this is a strong password: "Ird@7HPbk$"

A frequent complaint of users is the inability to remember passwords. Often users will write them down or store them in a way that would be considered a security risk. One method to overcome this challenge is to use a memory technique such as a passphrase.

Using the example "Ird@7HPbk$", try remembering: "I read all 7 Harry Potter books."

Or simply type out the opening line of a favorite poem, book, or song, like this: "Somewhereovertherainbow1939" (1939 is the year Wizard of Oz was released).
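As an added example (not part of this page or any CSCU tool), the following Python checker implements the 10-4 Rule above and reports which requirement a candidate password misses; run against the page's two samples it shows that "Ird@7HPbk$" meets the rule, while the passphrase "Somewhereovertherainbow1939" is long but lacks a special character. The group definitions and the wording of the failure reasons are assumptions of this example.

```python
import string

# Added example implementing the page's 10-4 Rule: at least 10 characters,
# with at least one character from each of four groups. The exact set of
# "special" characters (ASCII punctuation) is an assumption of this example.
MIN_LENGTH = 10

GROUPS = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "number": set(string.digits),
    "special": set(string.punctuation),
}


def check_10_4(password: str) -> list:
    """Return the reasons a password fails the 10-4 Rule (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"length {len(password)} < {MIN_LENGTH}")
    chars = set(password)
    for name, group in GROUPS.items():
        # A group is satisfied if the password shares any character with it.
        if not chars & group:
            problems.append(f"no {name} character")
    return problems


def meets_10_4(password: str) -> bool:
    """True when the password satisfies every part of the 10-4 Rule."""
    return not check_10_4(password)


if __name__ == "__main__":
    # The page's own two samples plus one constructed short password.
    for candidate in ("Ird@7HPbk$", "Somewhereovertherainbow1939", "Short1!"):
        reasons = check_10_4(candidate)
        status = "PASS" if not reasons else "FAIL (" + "; ".join(reasons) + ")"
        print(f"{candidate!r}: {status}")
```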

Important Dos and Don'ts

  • Do not share your passwords
  • Avoid writing passwords down
  • Change your password if you think it has been compromised
  • Use different passwords for ALL your accounts
  • Use a Password Manager