Password Tips

Using strong and secure passwords for your all of your accounts is one of the most important ways to stay safe online. This page provides tips on creating and maintaining secure passwords.

Create Strong Passwords

Strong passwords, or passphrases, are ones that do not contain personally identifiable information and that also force password-cracking computer programs to try as many combinations of characters as possible. A long password is a strong password. To be considered strong, a passphrase should contain 12 or more characters. Your USC NetID password should be between 12 and 32 characters long.

Creating and remembering a passphrase is often simpler than creating and remembering a password. A passphrase can be made up of several words that form a phrase or sentence. Such passphrases are more secure than shorter, complex passwords.

Although a passphrase cannot be a single stand-alone dictionary word or a common phrase, it can be made up of several words that form a phrase or sentence. The longer you make your passphrase, the more secure it will be. Other optional but recommended ways of increasing your passphrase’s security include adding a capital letter, punctuation mark, or number in the middle of your passphrase, misspelling words, or swapping the order of the words.

Create Different Passwords for Different Accounts

If you have one password for all your accounts, anyone who gets a hold of your password will have access to all your information. Even slight variations of the same idea can offer significantly greater protection.

Keep Your Passwords Private

Do not write your passwords down and keep them in a place where others might see them, and do not share your passwords with others. Although it may seem convenient to have a friend check your email account or log into your computer, any time that you share your password, you greatly increase the risk that your account will be compromised. If you store passwords on your mobile devices, make sure that you keep your devices locked when not in use to prevent unauthorized access.

Be aware that sharing access to your USC computing account is a violation of university policy. For more information on password policies, please visit cio.usc.edu/policies/computing/ and read section 4.2.2.

Change Your Passwords At Least Once Every Year

The longer your password remains the same, the greater the likelihood that a hacker will crack it and break into your account. Hackers use malicious programs to try thousands of passwords against your account until they find a match. To ensure the security of your personal information, it is important to change all of your passwords at least once every year.

Don’t Reply to Suspicious Emails

Even the strongest passphrase must be kept a secret to remain effective. Please remember that no legitimate entity will send you an email requesting that you provide your user name, password, or other personal information, such as social security or credit card numbers. If you receive such an email (also known as “phish”) at your USC account, please forward it to security@usc.edu. For help with learning how to identify phish, see ITS’s About Phishing page.

If a hacker obtains your password through a phishing attempt, your account is considered compromised. Many cyber criminals use compromised email accounts to send out spam and phishing messages from legitimate email addresses. A key sign that your email account has been compromised would be receiving error messages for email that you know you did not send. If you are shut out of an account and cannot log in, the account might have been hacked.

If you suspect that your USC NetID account has been compromised, go to the USC NetID Accounts Services page and change your password immediately. Once you have changed your password, click the Report an Information Security Incident button at the top of this page so that we can gather the necessary information to prevent a larger security problem.

Additional Help

For problems with your USC NetID password, or for additional information on password security, please contact the ITS Customer Support Center.