
Password Management: Building Strong, Memorable, and Secure Credentials
Passwords remain one of the most important defenses we have
to protect our personal and institutional information. Whether you consider
yourself technical or not, understanding how to create and manage strong
passwords is essential for safeguarding data, avoiding breaches, and meeting
basic security expectations in both academic and workplace environments.
What Makes a Password Secure?
A secure password is one that is difficult for attackers to
guess—whether by manual attempts, automated tools, or large-scale
credential-stuffing attacks. Length, unpredictability, and uniqueness are the
three most important qualities. Attackers often use resources such as rainbow
tables (pre-computed lists of hashed passwords) and vast lists of known bad
passwords compiled from previous breaches. If your password appears in one
of these lists or follows predictable patterns, it becomes dramatically easier
to crack.
Complex Passwords vs. Passphrases
Traditional advice has focused on complex passwords:
combinations of uppercase and lowercase letters, numbers, and special
characters. Examples look like:
Complex password: B7m!Q2$rP9
While strong, these can be very hard to remember and often
lead to unsafe habits like writing passwords down or reusing them across sites.
Passphrases, on the other hand, use a sequence of unrelated
words to create a long and memorable phrase that is still very difficult for
attackers to break:
Passphrase: PurpleHikingCoffeeRain!
Passphrases have the advantage of greater length—one of the
most important factors in resisting brute-force attacks—while remaining easier
for humans to recall. For most people and most systems, passphrases provide the
best balance between usability and security.
How to Create Strong Passwords and Passphrases
A few practical recommendations:
1. Aim for length. A minimum of 14–16 characters is a good
baseline.
2. Avoid common phrases or predictable sequences. Never use
song lyrics, famous quotes, or anything tied to your identity, such as
birthdays or pet names.
3. Mix unrelated words. A good passphrase is random, such as
OceanLampTuba47!.
4. Do not reuse passwords. Each account should have its own
unique password to contain damage if one password is compromised.
5. Let a password manager help. Tools like the University’s
implementation of 1Password can generate, store, and autofill
extremely strong passwords so you don’t have to remember them yourself. Reach
out to the Help Desk if you would like to take advantage of this offering.
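The recommendations above, written as a check plus a random passphrase generator. This is an added example, not part of the original article; the deny list, word list, sequence list and function names are constructed for illustration, and a real deployment would load a breach-derived deny list and a word list with thousands of entries.

```python
import re
import secrets

MIN_LENGTH = 14  # lower end of the 14-16 character baseline above

# Constructed sample data (assumption): real lists are far larger,
# e.g. a breach-derived deny list and a word list with thousands of entries.
KNOWN_BAD = {"password", "letmein", "qwerty", "iloveyou", "welcome"}
WORDS = ["ocean", "lamp", "tuba", "purple", "hiking", "coffee", "rain",
         "anchor", "violet", "cactus", "marble", "tunnel", "pepper", "glider"]
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop")


def has_sequence(text, run=4):
    """True if text contains `run` consecutive characters of a known sequence."""
    low = text.lower()
    for seq in SEQUENCES:
        for i in range(len(seq) - run + 1):
            chunk = seq[i:i + run]
            if chunk in low or chunk[::-1] in low:
                return True
    return False


def check(candidate, identity_terms=()):
    """Return the list of recommendations the candidate violates."""
    problems = []
    low = candidate.lower()
    # Strip trailing digits/symbols so "Password2024!" still matches "password".
    core = re.sub(r"[^a-z]+$", "", low)
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if low in KNOWN_BAD or core in KNOWN_BAD:
        problems.append("known bad password")
    if has_sequence(candidate):
        problems.append("predictable sequence")
    if any(term.lower() in low for term in identity_terms if term):
        problems.append("tied to identity")
    return problems


def generate_passphrase(words=WORDS, count=4):
    """Pick `count` words with a CSPRNG, then append two digits and a symbol."""
    while True:
        picked = [secrets.choice(words).capitalize() for _ in range(count)]
        phrase = "".join(picked) + f"{secrets.randbelow(100):02d}" + secrets.choice("!#%*?")
        if not check(phrase):
            return phrase
```

The generator uses the `secrets` module rather than `random` so that word selection is unpredictable; words a person picks by hand tend to be less random than they feel.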
Standards, Regulations, and Good Practices
Most security standards, including those from NIST (National
Institute of Standards and Technology), recommend longer passwords, discourage
forced regular password resets, and encourage the use of password managers and
multi-factor authentication. You don’t need to know the technical details; the
key takeaway is that modern best practices emphasize usability and
strength. We don’t want passwords that are extremely secure but
impossible to remember (so they get written down on Post-it notes). We want to
balance securing the password with keeping it user friendly.
The Impact of Poor Password Management
Bad password habits, such as reusing passwords, choosing short
or predictable ones, or storing them insecurely, can lead to account
compromises, data loss, and unauthorized access to sensitive Booth systems.
Even a single weak password can become an attacker’s doorway into an entire
network.