Protect Passwords

Para ver la informacion de esta pagina en Español seleciona Español en el menú debajo.

For more information, refer to the following University of California Policies and Standards: 



(Back to Minimum Requirements Main Page)

Use strong, unique passwords and keep them secret

  • Passwords should be at least eight (8) characters long with a mixture of upper- and lower-case letters, numbers, and symbols. Those between 12-15 characters should use a combination of mixed case letters and numbers. Passwords with 16-19 characters must include mixed-case letters and there are no restrictions on passwords over 20 characters. UC recommends passwords between 16-25 characters, also known as passphrases.
  • Passphrases consisting of several words separated by spaces can be easier for you to remember but hard for anyone else to guess.
    • A few memorable, unrelated words can also be a good password, as illustrated in this cartoon.
    • Passwords shouldn't be a complete dictionary word, your username or login, child's name, pet's name, birthdays, or anything else easily guessable.
  • Be aware that "password cracker" programs check for common symbol substitutions in words.
  • Use different passwords for different accounts. Also, use different passwords for work and non-work.

Protect your Passwords

  • Don't reveal your passwords to anyone, even if they say there’s a good reason.
    • This includes co-workers and supervisors.
    • ITS will never ask you for your password. Neither should any reputable service provider.
  • Avoid writing your passwords down.
    • PASSWORD MANAGERS: Passwords can also be stored securely in free and low-cost "password vault-type" encryption tools, including your computer's keychain. See UCSC's Password Standards for details. Best password managers to use
    • If you need to write your password down on paper, safeguard the paper in a locked drawer or cabinet rather not on or under your monitor/keyboard, or in a drawer near your computer!
  • Change initial passwords, password resets and default passwords the first time you log in. These passwords can be extra vulnerable to guessing or hacking.
  • Ensure that passwords are transmitted securely. Before logging in to a web site, look for "https" (not http) in the URL to indicate that there is a secure connection.

Enable Two-Step/Multi-Factor authentication or other layers of protection where available

Adding another layer of protection means someone needs more than just your password to get in.

  • Examples include use of a one-time code in addition to a password, typically sent via text, app, or voice when you want to log in; thumb scans (biometrics); and lockouts after several incorrect login attempts.
  • MFA is required for access to UCSC services using the CruzID Gold password login.
  • Enable Google's two-step verification for your UCSC Google account.

(Back to Minimum Requirements Main Page)