Password Best Practices

Password Do's and Don'ts


  1.     Use strong passwords.
  2.     Use a different password for each account, even for UNH accounts that use the same username.
  3.     Change your passwords every 6 months in accordance with UNH policy.
  4.     Use a password manager.


  1. Don't share your passwords with anyone, ever.
  2. Don't write your username and password on a post-it note under your keyboard or on your monitor.
  3. Don't write down your username and password in the same place, or at all.
  4. Don’t use iterative passwords (JohnDoe1, JohnDoe2, etc.)
  5. Don’t use easily guessed password schemes (numbers or special characters used only at the beginning or end like 11Aloha, 1Aloha1, Aloha11, Aloha!!, !!Aloha)

Methods for Creating a Strong Password

To protect your information and the University, create a strong, unique password for each account you use at UNH.  Strong passwords have the following characteristics:

Length:   Use a password that is 8-15 characters.


Passphrase (not password): Use a passphrase that combines several words into a phrase that is easy for you to remember like “I love mt chocorua” or “ilovemtchocorua”

Use the entire keyboard:  Using uppercase and lowercase letters, numbers, and symbols increases the complexity and therefore the strength of a password. You can strengthen the passphrase above by injecting this kind of additional complexity “ILoV3MtC[]c0ra”.

*At this time, the only special characters allowed in UNH Enterprise passwords are ! ~ % ^ + * - . _ [ ] 


Avoid Dictionary Words: Avoid using words found in the dictionary as part of your password or passphrase.  For example, in the example above, removing the spaces and changing the “e” in love to a “3” allows use of the word “love” without actually using the word as it would be found in the dictionary.

Custom Fields
  • Author: UNH Information Security Services
  • Department: Information Security Services
Attached Files
There are no attachments for this article.
Related Articles RSS Feed
What’s the Deal with Publicly Posted Credentials?
Viewed 1147 times since Thu, Jun 29, 2017
Request for Use of Preferred Name in Specific Application
Viewed 1010 times since Tue, Sep 13, 2016
UNH Policies Affecting Accounts
Viewed 1396 times since Wed, May 13, 2015
Accounts: I am changing jobs within the University. Will I lose my Email account or other IT access? What do i need to do to ensure I have the access I need in my new job?
Viewed 1196 times since Wed, Feb 24, 2016
Accounts Management System FAQ
Viewed 2585 times since Tue, May 12, 2015
Account Classification Overview
Viewed 1868 times since Wed, May 13, 2015
Accounts Frequently Asked Questions
Viewed 3214 times since Thu, Apr 30, 2015
Accounts: About UNH Active Directory Accounts
Viewed 2786 times since Mon, Apr 11, 2016
WebI Account FAQ
Viewed 4906 times since Tue, May 12, 2015
Accounts: What should I do if I think my account is compromised?
Viewed 1235 times since Wed, Feb 24, 2016