Protect Passwords
Para ver la informacion de esta pagina en Español seleciona Español en el menú debajo.
QUICKLINKS:
For more information, refer to the following University of California Policies and Standards:
(Back to Minimum Requirements Main Page)

Use strong, unique passwords and keep them secret
- Passwords should be at least eight (8) characters long with a mixture of upper- and lower-case letters, numbers, and symbols. Those between 12-15 characters should use a combination of mixed case letters and numbers. Passwords with 16-19 characters must include mixed-case letters and there are no restrictions on passwords over 20 characters. UC recommends passwords between 16-25 characters, also known as passphrases.
- Passphrases consisting of several words separated by spaces can be easier for you to remember but hard for anyone else to guess.
- A few memorable, unrelated words can also be a good password, as illustrated in this cartoon.
- Passwords shouldn't be a complete dictionary word, your username or login, child's name, pet's name, birthdays, or anything else easily guessable.
- Be aware that "password cracker" programs check for common symbol substitutions in words.
- Kaspersky's password strength checker can help gauge the strength of a password and show you how easily it can be hacked. Note: Do NOT enter your actual password.
- Use different passwords for different accounts. Also, use different passwords for work and non-work.
Protect your Passwords
- Don't reveal your passwords to anyone, even if they say there’s a good reason.
- This includes co-workers and supervisors.
- ITS will never ask you for your password. Neither should any reputable service provider.
- Avoid writing your passwords down.
- PASSWORD MANAGERS: Passwords can also be stored securely in free and low-cost "password vault-type" encryption tools, including your computer's keychain. See UCSC's Password Standards for details. Best password managers to use
- If you need to write your password down on paper, safeguard the paper in a locked drawer or cabinet rather not on or under your monitor/keyboard, or in a drawer near your computer!
- Change initial passwords, password resets and default passwords the first time you log in. These passwords can be extra vulnerable to guessing or hacking.
- Ensure that passwords are transmitted securely. Before logging in to a web site, look for "https" (not http) in the URL to indicate that there is a secure connection.
Enable Two-Step/Multi-Factor authentication or other layers of protection where available
Adding another layer of protection means someone needs more than just your password to get in.
- Examples include use of a one-time code in addition to a password, typically sent via text, app, or voice when you want to log in; thumb scans (biometrics); and lockouts after several incorrect login attempts.
- MFA is required for access to UCSC services using the CruzID Gold password login.
- Enable Google's two-step verification for your UCSC Google account.
(Back to Minimum Requirements Main Page)