My guide is minimum 8 characters comprising upper lower case, numbers and symbols (where the system allows them).

 

I disagree with “change it often”. If a password is properly secure then there is no need to change it. Some of my internet passwords have been the same for nearly 20 years (in one case) and if you haven’t given it away, written it down or breached it in some other way, then I would suggest keeping it. All changing it does is give help desks work. Don’t keep it forever (my example is extreme), but you get what I mean.

 

Also do NOT substitute letters for equivalent numbers, e.g. 4 for A or 1 for i.

Don’t use dictionary words – especially where the system will allow infinite tries to guess it.

I would recommend something meaningful to you but garbage to most other people e.g.

 

!MHiCiO4iaMG!  =   !My Hobby is Cars I own four including an MG! – This is a long complex password, but I can remember it.

 

For a properly random password do a search for diceware – used in some government departments.

 

Suppose I’d better change my Halifax password now.

 

Simon Howarth.

 

 

<snip>

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)