Password Best Practices
Password Do's and Don'ts
- Use strong passwords.
- Use a different password for each account, even for UNH accounts that use the same username.
- Change your passwords every 6 months in accordance with UNH policy.
- Use a password manager.
- Don't share your passwords with anyone, ever.
- Don't write your username and password on a post-it note under your keyboard or on your monitor.
- Don't write down your username and password in the same place, or at all.
- Don’t use iterative passwords (JohnDoe1, JohnDoe2, etc.)
- Don’t use easily guessed password schemes (numbers or special characters used only at the beginning or end like 11Aloha, 1Aloha1, Aloha11, Aloha!!, !!Aloha)
Methods for Creating a Strong Password
To protect your information and the University, create a strong, unique password for each account you use at UNH. Strong passwords have the following characteristics:
Length: Use a password that is 8-15 characters.
Passphrase (not password): Use a passphrase that combines several words into a phrase that is easy for you to remember like “I love mt chocorua” or “ilovemtchocorua”
Use the entire keyboard: Using uppercase and lowercase letters, numbers, and symbols increases the complexity and therefore the strength of a password. You can strengthen the passphrase above by injecting this kind of additional complexity “ILoV3MtCc0ra”.
*At this time, the only special characters allowed in UNH Enterprise passwords are ! ~ % ^ + * - . _ [ ]
Avoid Dictionary Words: Avoid using words found in the dictionary as part of your password or passphrase. For example, in the example above, removing the spaces and changing the “e” in love to a “3” allows use of the word “love” without actually using the word as it would be found in the dictionary.