Information Technology Services

Choosing a Strong Password

Passwords for your UNCG computing accounts are used to access many UNCG services, as well as your personal files, email, etc. So choosing a strong password and keeping it safe is important.

Longer Passwords Are Stronger

UNCG password policy requires the use of passwords between 16-30 characters. Passwords of this size may sometimes be referred to as "passphrases." Passphrases can be easier for you to remember, while being more difficult for an attacker to guess.

In general, the longer your password is, the harder it is to be "hacked" (guessed or determined by password-hacking software). In fact, as you move from, say, an eight-character to a 16-character password, the length of time it would take a hacker to determine your password grows exponentially.

Complexity vs. Password Length

Adding special characters to your password increases its complexity. This also makes passwords harder to hack but comes at the expense of making them harder to remember. When choosing between adding special characters or adding length to your password, longer passwords always win – they are stronger and more user-friendly than shorter passwords of greater complexity.

Picking a Passphrase

Passwords should be memorable, but not easily guessed. ITS recommends that you create a passphrase that is easy for you to memorize by combining a set of simple, unrelated words. You could simply choose words that you think of to create a passphrase; but a passphrase that is made from an unrelated series of words is inherently more secure because it is less likely to be guessed or cracked using brute force techniques.

Examples & Techniques

Note: When deciding on a passphase, keep in mind that there are restrictions to allowed characters. At minimum your passphrase must consist of upper and lowercase letters and be between 16 and 30 characters long.

The full list of allowed characters is available on the the Self-Service Password Reset Form at reset.uncg.edu.


Technique #1
Four simple, unrelated words, combined into a passphrase: PotatoCameraFanDesk


Technique #2
Unrelated words that evoke an image you'll remember: RunningScissorHammer


Technique #3
A short phrase that means something to you but probably not to anyone else: OurFavoriteBeach

Password Pitfalls

Not all passphrases are created equal. Certain kinds of passphrases can be easy to guess or hack even though they are long.

When choosing a passphrase avoid:

  • well-known phrases (books, song lyrics, movies, etc.)
  • information about yourself that is commonly known about you or that can be found online (e.g., states you have lived in, the names of pets or children, your "favorites" – color, book, music, etc.)
  • repeating patterns or words in your passphrase (e.g. adding an incrementing number to the end of a previously used passphase or repeating a word within a single passphrase).
  • example passphrases contained in an online document like this one!.

Protecting Your Password

  • Do NOT leave a written copy of your password anywhere near your computer.
  • If you need to write your password down, DO store it in a safe place. Alternatively, consider using an electronic wallet commercially available from a trustworthy vendor (e.g., LastPass, 1Password, etc.)
  • Do NOT share your password with anyone – online or otherwise, family members included. Sharing your password is a violation of UNCG’s Acceptable Use of Computing and Electronics Resources policy and could additionally subject you to phishing scams and identity theft.
  • Do change your password when you receive notification of upcoming expiration, otherwise you may get locked out of your account. If you forget your UNCG password, you can reset it yourself by using the Self-Service Password Reset Form at reset.uncg.edu.

Note: To further increase the security of your account, UNCG recommends adding an extra layer of protection using two-factor authentication (2FA). To find out how to use your mobile device to help keep your personal information safe, visit http://go.uncg.edu/getsecure.