Virginia Tech® home

How to make a strong password

Setting strong passwords remains one of the most important defenses to keep your data, your identity, and your money safe. Why? Hackers commonly steal passwords by repeatedly throwing out guesses until one finally works. You want to make this as time-consuming (and expensive) for them as possible. 

Here are the Virginia Tech IT Security Office’s (ITSO’s) recommendations for creating and managing passwords. If you’re not already doing everything on this list with your passwords and accounts, make some changes. It only takes a little while and may save you a lot of trouble in the long run:

  • Use long passphrases (12 to 20+ characters). Longer passwords are harder for machines and people to guess. A short, easy-to-guess password, like “Hokie123,” can be guessed by a hacker (person or machine) in a few minutes. In contrast, a random passphrase like “butter chunky abstract donut” is likely to take millions of years to guess. Using a set of random words that add up to a bunch of characters can also be easier for you to remember than a shorter set of random characters and numbers. For more information, see Virginia Tech's password tips.
  • Use a different password for every account. Reusing passwords is a bad idea. If someone gets hold of one password, they have access to every account where you use it. Using unique passwords for each account provides important damage control in the event one of your accounts is compromised, and saves you time as you only have to change one password.
  • Change default passwords on devices connected to your home (or any!) network. Did you know that there are websites out there that list the default passwords for common devices, such as camera systems, doorbells, and kitchen gadgets? If you use any device that connects to the internet, change the password to something unique.
  • Use a password manager. The challenge to using unique passwords across accounts is that it can be hard to memorize them all. Password managers store encrypted versions of your passwords and allow you to log into your accounts automatically. If you prefer to write down passwords with pen and paper, that is fine —but store that paper in a safe place.
  • Utilize 2-Factor authentication (2FA) whenever possible. Our list of basic cybersecurity tips has more details on 2FA, but the short story is this: 2-factor requires another factor in addition to a password, such as code sent to your phone, to gain access to an account. This adds a layer of security above and beyond a strong password.

Have questions? Need to change your VT passphrase? Contact 4Help at 4help.vt.edu, or call 540-231-4357.

Cybersecurity Awareness
7 Basic Cybersecurity Tips
Making Strong Passwords
Encryption 101
How to Spot Phishing