Protect Passwords

Para ver la informacion de esta pagina en Español seleciona Español en el menú debajo.

For more information, refer to the following University of California Policies and Standards:

Passwords should be at least eight (8) characters long with a mixture of upper- and lower-case letters, numbers, and symbols. Those between 12-15 characters should use a combination of mixed case letters and numbers. Passwords with 16-19 characters must include mixed-case letters and there are no restrictions on passwords over 20 characters. UC recommends passwords between 16-25 characters, also known as passphrases.
Passphrases consisting of several words separated by spaces can be easier for you to remember but hard for anyone else to guess.
- A few memorable, unrelated words can also be a good password, as illustrated in this cartoon.
- Passwords shouldn't be a complete dictionary word, your username or login, child's name, pet's name, birthdays, or anything else easily guessable.
Be aware that "password cracker" programs check for common symbol substitutions in words.
- Kaspersky's password strength checker can help gauge the strength of a password and show you how easily it can be hacked. Note: Do NOT enter your actual password.
Use different passwords for different accounts. Also, use different passwords for work and non-work.

Don't reveal your passwords to anyone, even if they say there’s a good reason.
- This includes co-workers and supervisors.
- ITS will never ask you for your password. Neither should any reputable service provider.
Avoid writing your passwords down.
- PASSWORD MANAGERS: Passwords can also be stored securely in free and low-cost "password vault-type" encryption tools, including your computer's keychain. See UCSC's Password Standards for details.
- If you need to write your password down on paper, safeguard the paper in a locked drawer or cabinet rather not on or under your monitor/keyboard, or in a drawer near your computer!
Change initial passwords, password resets and default passwords the first time you log in. These passwords can be extra vulnerable to guessing or hacking.
Ensure that passwords are transmitted securely. Before logging in to a web site, look for "https" (not http) in the URL to indicate that there is a secure connection.

Examples include use of a one-time code in addition to a password, typically sent via text, app, or voice when you want to log in; thumb scans (biometrics); and lockouts after several incorrect login attempts.
MFA is required for access to UCSC services using the CruzID Gold password login.
Enable Google's two-step verification for your UCSC Google account.