Tips for Creating a Secure Password

Choose a CCID password that is something you will find easy to remember. Never write it down, and never tell anyone your password. This includes family members, friends, or coworkers.

IST or other University staff will never need to ask you for your password.

  • Your password must be at least ten (10) characters.
  • It must use both upper and lowercase letters. It should contain at least one digit or special character.
  • It must not be based on a single word found in any dictionary (in any language, including odd ones like Klingon and Elvish). For example, “Football” would be unacceptable but “ILoveFootballOnSaturdays2” would work.
  • Instead of a password, choose a passphrase. The longer the passphrase, the more secure your account.
  • You can take a phrase like “pick up eggs for breakfast” and then:
    • Take out the spaces
    • Add a number
    • Capitalize a letter
    • Add a special character


  • This example follows all the required and recommended rules, but is much easier to remember than multiple misspelled words or miscellaneous numbers/characters.

Want to learn more about passphrases? Read this newsletter, published by the SANS Institute.

If your first attempt doesn’t work, try something different. Our system is programmed to reject commonly used passwords (these are the first things that hackers will try), single words from other languages, and the examples found on this page and in the newsletter.

Remember! You are responsible for all activity that originates from your account. Letting someone use your CCID and password is strictly against the IST Conditions of Use and can result in account suspension! Visit the Information Management & Technology Policies webpage for more details.