Skip to main content
Santa Clara University
Information Services
Information Security

Password Advice

  1. Home
  2. Information Services
  3. Information Security Office
  4. Advice
  5. Cyber Awareness Items
  6. Password Advice
Tips about passwords that can help you protect your information.

Passwords are often the first (and possibly only) defense against intrusion. They protect personal information—information we don’t want anyone to know. In our personal lives, this means financial information, health data, and private documents. At SCU, your password may protect student data, employee data, financial data, research data, or other sensitive information that could damage the university if your account was breached.

Password Common Sense:

  • Password Length: Password length is the most important ingredient to creating strong passwords. The longer the better–we recommend using at least 16 characters for regular accounts and 20 characters for administrative accounts.
  • Unique passwords: Don't reuse passwords between multiple accounts. Create a new password for each new account, and don't share elements between them (such as adding your birth or graduation year to every password)
  • Password Managers: Use a password manager to keep all your passwords safe! We recommend 1Password or KeePass. Check out their free trials and choose one that suits you.
  • Complexity: If you do create your own password, a great option is to take 4 completely unrelated words to create a passphrase. For example, "Correct Horse Battery Staple" is hard to guess and very long. Most systems require numbers or special characters, and adding these will make an even stronger password, such as: C0rrect-Hor5e-B@ttery-Stap1e.
  • Randomness: Humans are bad at making random passwords. Use a password generator, often built into password managers, to create random mixes of characters.

Don’t use the following things in your password:

  • Usernames or part of usernames.
  • Personal information about yourself and/or family members. This includes the personal information that can be obtained very easily, such as your birth date, graduation year, pet or child's name, school mascot, etc.
  • Sequences, consecutive alphabets, numbers or keys on the keyboard (e.g. abcde, 12345, qwerty).
  • An empty password.
  • Common passwords known to criminals because of previous data breaches.

Other password advice:

  • Don’t Share Your Password: Keep it confidential.

  • Change Compromised Passwords Immediately: If you suspect your password has been compromised, change it right away. If you have the slightest doubt that your password has been stolen or compromised, change it!

  • Avoid Browser Password StorageDon't use the "Remember password" option on the browser. Always say "Not Now" or "Never for this site" when the 'Remember Password' box pops up, especially if you're using a computer that does not belong to you. Some malware specifically targets passwords saved in browsers. Use a password manager instead of the "Remember Password" feature in browsers.

  • Public Computer Security: Don’t log in to sensitive websites, like banking or email, on public computers.

To ensure that your information is protected, please take the time to update and strengthen your password. Remember, a password is like a lock. The stronger it is, the harder it is for someone to break in.

Reporting Security Concerns

Be cautious of emails or messages asking for your password. SCU IT will NEVER ask for your password via email.

If you suspect a phishing attempt or believe your password has been compromised, contact the Technology Help Desk at 408-554-5700 or email iso@scu.edu.

Mar 4, 2025