Using Strong Passwords

Use strong passwords everywhere.

No matter how many walls are placed around your machine, there is always a key for complete access: your password. There are countless programs that attempt to determine passwords, both by guessing common passwords and by randomly generating possibilities and trying them all, or a combination of the two.

The best defense is a "strong password." A strong password is a combination of numbers, uppercase letters, lowercase letters, and if possible, special characters (for example, !@#$%^&,*). This makes the password nearly impossible to guess in a reasonable amount of time, and ensures that all the hard work you put into keeping your machine well-defended does not go to waste. The longer the password, the harder it is to guess.

Of course, as passwords get closer to random numbers and letters, they also become more difficult to remember. That doesn't mean that you have to choose a weaker password either. You can m15peLL w0Rdz intentionally, or use a mnemonic device like a strong passphrase. Be sure to read the Microsoft article below for some very useful advice on creating strong passwords.

And Remember: If you think there's a chance that someone else has seen your password – make sure you change it immediately.

How To Change Your University Network ID (UNI) Password

Columbia University affiliates with a University Network ID (UNI) can change their password at any time by:

Guidelines for Creating Strong Passwords

What is a Strong Password?

A strong password is designed to be complex and therefore difficult to guess or crack. Columbia University maintains the following password requirements:

  • A password must be between 8 and 64 characters long.
  • A password must have at least three of the following:
    • Uppercase letter
    • Lowercase letter
    • Number
    • Special character
  • A password less than 12 characters cannot contain common words or personal identifiers (name and UNI)
  • Beginning October 2013, to set a new password, it must be different from the last five that were used.

Helpful Tips

  • Longer passwords (or "passphrases") can be formed using a phrase or sentence. They are easy for you to remember, but difficult for others to guess.
  • A short phrase or sentence is often easier to remember.
  • If you use a phrase or sentence of at least 12 characters you can use dictionary words.

Other Important Password-Related Guidelines

  • Your account is your responsibility. Do not share your password
    with others, including technicians. CUIT staff will never ask for
    your password.
  • Do not choose a password that is based on personal information that
    someone who knows you may be able to guess.
  • Do not use your user ID (UNI) or your name/department name as your
    password
  • Do not use your University ID (UNI) and password for access to
    third-party systems (e.g., online shopping, newspapers, travel
    websites)
  • Avoid letting software save or store your passwords. Not only will you
    increase the chance that someone will be able to access data on
    your computer or personal information, but you will be more likely to
    forget the password if you do not type it in regularly.
  • Always log out of programs or websites and close your browser
    (i.e., Internet Explorer, Firefox or Chrome) when you are done working,
    especially on public computers.
  • Protect your passwords and treat them as valuables.

Protecting Your Password

Choosing a Windows Password

Choosing an OS X Password

Managing Your Columbia UNI and Password


Microsoft's Tips for Creating Stronger Passwords


To reach this page quickly in the future, use the keyword passwords.


Reporting Security Problems

Send reports of security incidents, attacks, or questions to security@columbia.edu