Password Security

Do you ever feel like you have to keep track of more and more accounts, usernames, and passwords with each passing year? It's so overwhelming that sometimes it's tempting to create a password that's the easiest to remember instead of the one that's the most secure. While all of your accounts should have unique passwords it is imperative that your W&M password is not used for any other purpose.

As a member of the William & Mary community you should never forget that your password is the safeguard for your privacy and personal information. The password that we all use to access university computing systems (email, Banner, Blackboard, etc...) should be as secure as possible.

What you can do
  • Don't share your account and password with anyone. This is in the Acceptable Use Policy.
  • Don't write your password down.
  • Never use your William & Mary password for any other service.
  • Be aware of phishing.
  • Enable two-factor authentication (like Duo) on every account that supports it
How you can create an effective password
  • Length is far more important than complexity. The longer the better.
  • Remove all the vowels from a short phrase. Example: llctsrgry ("All cats are gray")
  • Use an acronym. Choose the first or second letter of your favorite quotation. ("itsotfitd" for "It's the size of the fight in the dog")
  • Mix letters and non-letters in your passwords (numbers and punctuation characters on the keyboard).
  • Transform a phrase by using numbers or punctuation ("Idh82go" for "I'd hate to go" or "UR1drful" for "You are wonderful").
  • Avoid choosing a password that spells a word. But, if you must, then introduce "silent" characters into the word ("va7ni9lla").
  • Deliberately misspell a word in a phrase ("I lov3 choklutt").
  • Add random capitalization to your passwords. Capitalize any but the first letter. ("eIeIoH!" or "o.U.Kid")
  • Don't ever use your first, middle, or last name in any form.
  • Don't put non-alphabetic characters at the beginning or end of words. Passwords like 7laptop or rockiesx are easily guessed by password guessing programs.
Storing passwords

Password managers provide a secure program in which you can safely store all of your passwords. Read the OUCH! Newsletter to learn more about how password managers work and how to choose the one that's best for you. 

Be cautious of storing passwords in your browser because

  • if your computer or mobile device is ever lost or stolen, the person who possesses it will have complete access to any online accounts that you allowed the browser to store the passwords for.
  • if a hacker ever takes control of your computer, he or she may have complete access to your online accounts if their passwords have been stored.
  • storing your passwords makes your accounts vulnerable to others who may attempt to access your computer when you aren't around. Always remember to "lock it when you leave it".
Concerned about your password?

If you think someone may have guessed your password, or you shared it, or if your account has been compromised, you should change your password immediately! and contact [[abuse]]. If your account has been compromised due to phishing, forward the phish email to [[abuse]].

For additional password support or questions about password protections, contact the Technology Support Center at [[support]] or 757-221-4357.