Password Standards

Secure passwords should:

  • be unique among different accounts and different websites 
  • contain both upper and lower case characters (e.g., a-z, A-Z), 
  • contain digits and punctuation characters (e.g., 0-9,!@#$%^&*), 
  • be at least eight alphanumeric characters long, and 
  • not be a common usage word such as:
    • a word found in a dictionary 
    • slang, dialect, jargon, etc., 
    • names of family, pets, friends, co-workers, fantasy characters, etc., 
    • computer terms and names, commands, sites, companies, hardware, software, etc., 
    • “VLS”, “Villanova”, “Nova”, or any derivation thereof, 
    • personal information such as birthdays, addresses, pet names, phone numbers, etc., 
    • word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc., 
    • any of the above spelled backwards, or 
    • any of the above preceded or followed by a digit (e.g., secret1, 1secret).

In order to protect your passwords:

  • Do not write passwords down or store them online without encryption. 
  • Create passwords that can be easily remembered.  One way to do this is create a password based on a song title, affirmation, or other phrase.  For example, the phrase might be: “This May Be One Way To Remember” and the password could be: “TmB1w2R!” or “Tmb1W>r~” or some other variation. 
  • Do not use passwords from non-University accounts.   
  • Where possible, do not use the same password for each Law School/University account. 
  • Do not share University passwords with anyone, including friends, administrative assistants, secretaries, supervisors, family members, co-workers while on vacation, unless part of cross training planning and emergency policy.  
  • Do not reveal a password over the phone or in an email to anyone. 
  • Do not talk about a password in front of others or hint at the format of a password. 
  • Do not reveal a password on questionnaires or security forms. 
  • If someone demands a password, refer them to your department head. 
  • Avoid storing passwords within applications or using the “Remember Password” feature, unless the application properly secures the password through commonly-accepted methods such as encryption. 

If you have any questions regarding password security, please contact a member of Academic Computing.