Recommendations for setting strong passwords
Use different passwords for each site you visit: If someone hacks one account and gets your password, how many other sites, and how much data, can they access using that same password?
Set a different password for each website or application you log into.
Use a password management tool: A password management tool allows you to store your passwords safely in encrypted form. There are many software options to help you manage your credentials, security questions, etc. Some popular options include 1Password, LastPass, KeePass and PassKey. Note that at this time KeePass is the only approved solution for University passwords.
Use the longest password possible: Different sites have different limitations on the number of characters you can use in your password. Longer passwords are harder to guess or hack than shorter ones.
The University of Illinois accommodates NetID passwords up to 127 characters.
Use Two-Factor Authentication: Two-factor authentication (2FA) requires something you know (your NetID password) and something you own and have (your phone or token) to log in to a service. Without having your phone or token, a hacker won’t be able to receive or send the one-time secret required to authenticate. 2FA is required for faculty, staff, and graduate students.
Sign up for Two-Factor Authentication (2FA) at identity.uillinois.edu.
Stop bad password habits: This is pretty simple. Don’t use your address, birth date, or other easily recognized or obtained information in your passwords.
Check out this handy little video for good password habits.
Provide obscure answers to security questions: Many times, security questions have answers that are easily obtained by hackers. Your first pet’s name? Your kindergarten teacher’s name? Your mother’s/father’s middle name? Without thinking about it, many people include this information in blogs or social media posts.
Instead of answering the question directly, consider appending a word to the end of the answer. For example, if the question is “What city were you born in?”, answer “chicagobaseball” instead of “chicago.”
Another option is to provide a completely bogus answer, which is easily documented and saved in a password manager. For example, if the question is “What was your kindergarten teacher’s name?”, answer “Jamaica” instead of the real answer.
Set a device passcode/password on your phone and other mobile devices: Set your device to require a passcode or password after waking up from sleep or to unlock the screensaver. It sounds simple, but many devices are accessed because they weren’t password protected.