Create strong passwords

Armed with your passwords, criminals can get into your online accounts or profiles and steal your money, identity and more. They could even try to blackmail you. That's why you need passwords that are practically impossible to crack, and why you should never share your passwords, even with people you trust.

At a glance

  • Never give your passwords to anyone. Ever.
  • For strong passwords, use long passwords - at least 16 characters.
  • Create a different password for every account. 
  • Do not re-use any password that you previously used for any service.
  • If you've had your password stolen, change it and report it immediately.

University password security

Keeping your Oxford Single Sign On (SSO) and other University account passwords secure is crucial, not only to protecting your email account, but also to preventing unauthorised access to a whole host of University services and data. As a result, the University places a lot of emphasis on password security and it’s important you do your bit to keep your password safe.

Password management at Oxford


  • Unique 12 character passwords for all University accounts.
  • Base passwords on a long memorable phrase or four random words stuck together.
  • Include the use of capital letters, punctuation and/or numbers to meet the Oxford requirements.
  • e.g. Correct-Horse-Battery-Staple


  • Unique 16 character passwords for all University accounts.
  • Add a suffix or prefix to one long master password to create unique passwords.
  • This relies on the security of the master password so make sure no-one else ever finds this out.
  • e.g. This-is-a-really-long-password!_a1%t


  • Unique 20+ character passwords for all University accounts.
  • Use a password manager like KeePass or LastPass to generate long, random, complex passwords.
  • If you’re in UAS and use CONNECT, KeePass is available via the Oxford installer.
  • e.g. 83CkMxusLoZwonufD9h7



How to keep your passwords out of the wrong hands

There's little point having a cast-iron password that takes trillion of years for a computer to crack if you let criminals pinch it from under your nose. The three main ways passwords find their way into the wrong hands are through phishing, malware and companies who don't do enough to keep your information safe. Creating different strong passwords for every account will limit the damage if your personal details gets leaked.

How to create a strong password

Pick a memorable phrase that you won't need to write down (e.g. thisisareallylongpassword). That's it! Despite the fact that many websites insist you use a mix of character types (e.g. upper case, lower case, numbers or symbols) to make your password secure, length is the easiest way to make passwords practically unbreakable.

If you do have to create a password that includes a mix of characters and has a limited character length (as some online services insist), another idea is to choose the initial letters of words in a line from a favourite song or poem, and replace some of the letters with characters that look similar. For example, Shall I compare thee to a summer's day? becomes S1ctt@5d?. If you do need to write it down, make sure you keep it in a secure place away from prying eyes.

How to create a different password for every account

The simplest way to create a different password for each new login you set up is to add extra characters to the end or beginning of your core password. If you're worried you won’t be able to remember each one, it's perfectly safe to note the extra characters down, provided you don’t write down the core password too.

There is also a wide variety of free open-source and commercial password manager programs available for download, such as KeePass, Apple Keychain, LastPass or 1Password. Many have handy extra features such as the ability to generate truly random and almost unbreakable passwords at the click of a button.