How to set a good password

As computer users we each have a responsibility to prevent others from breaking into the computer system through our computer account.

What makes a good password?

A good password should be easy to remember but must be difficult to guess:

  • Do not make the password the same as your account name.
  • Do not use your surname or any of your forenames as a password.
  • Do not use the names of your partner, relative, dog, cat, budgie …
  • Do not use your car registration number – even an old one!
  • Do not use your address.
  • Do not use any word found in a dictionary (nor plurals) even with a numeral on the end.

A good password should:

  • Be at least nine characters long
    – a longer password is harder to crack, but may be more difficult to remember.
  • Ideally be a random sequence of letters, numbers and punctuation characters – please avoid using the following symbols as they are known to cause login problems with main University systems:  ”  £  <  : % ) @ and !
  • Be a mixture of upper and lower case letters and include at least one number – all Cardiff University systems recognise case sensitivity in passwords.

A good password could:

  • Be bits of more than one word joined by punctuation (eg riti-lio from bRITIsh LIOns).
  • Use the initial letters of a memorable phrase (see below video for more details).

Good practice

You should avoid writing your password down, however if you must write it down then take precautions to prevent others from accessing it e.g.

  • store the written password somewhere safe e.g. in a locked drawer
  • disguise the password in a jumble of other letters
  • don’t write what system the password is for
  • don’t write your username next to the password
  • Never write your password on a Postit and stick it to your monitor.

Do not divulge your password for any reason. Divulging your password contravenes Information Services Regulations and University Regulations by which you are bound.

Do not log in with someone looking over your shoulder.


If you think your password may have been compromised, change it as soon as possible via the Password Management section on the right hand side in the Intranet log-in screen. If in doubt please contact who will change it for you.

Password Strength

Use the password strength testing tool to check the strength of your password.

Video: How to set a strong, memorable password.