Password Requirements
We use a modern, simple, and secure password system.
- Your password must have 8 or more characters.
- You can include your choice of upper and lower case letters, symbols, numbers, and spaces.
- We'll let you know how strong the password you generate is at the time you create it and won't allow it if it is easy to guess (like password123).
Note: our passwords are case-sensitive.
How to create a good password
The best passwords are long, memorable, and hard for a computer to guess. We recommend you use a password generator to create and save your passwords; but if you prefer to create your own, here are some guidelines to help you make a strong password.
Common password mistakes
Common mistakes people make when they create a password are:
- they use common words or number sequences; for example, password, default, blank, and 12345.
- they include things that are easy to guess, such as their last name and birth year, the name of their pet, or the names of their children or partner.
- they use a short password, such as "b1rthd4y", where they mix numbers and letters in a single word and use common number substitutions for letters.
- they create a password so complex they need to write it down to remember it.
How to avoid password mistakes
A better option is to select a long and obscure password that mixes letters, numbers, and cases - but is still easy for you to remember. You could use a phrase that means something to you and get creative with it. Some examples are (don't use these, we recommend you make up your own):
- 2BorNot2B_THATisThe? - To be, or not to be, that is the question - from Shakespeare
- Eye was B0rn di5 w4y - I was born this way - Song by Lady Gaga.
- ghost JUMP jelly Legs - Random words to someone else that mean something to just you.
- My mother eats purple Emus for brunch every Tuesday. - A nonsensical but easy-to-remember sentence with a few capital letters thrown in.
The great thing about these passwords is that they are easy to remember but really hard for a computer to guess.
The best solution
Use a very long complex password in combination with a password management tool like 1Password or LastPass so that you don't ever need to remember it.
Use a different password for all of your accounts. If you use the same password everywhere, all of your accounts become vulnerable when a password database is leaked.
Subscribe to a service like Have I Been Pwned? which will tell you when your email is included in a leaked password database. It happens more often than you think.
Why don't we limit passwords to 8 characters and insist on using symbols?
The old-style passwords where you are given a set of rules (such as your password must have 8 characters with at least 1 capital letter, 1 number, no spaces, and a symbol, like $%^&) give computers a nice set of rules to work with. These passwords are easy for modern machines to guess and difficult for most people to remember.
Our password requirements are based on the premise that the only 'true' security, in password generation, is length. Based on length alone, it will take longer for a computer to brute force an attack.
Credit to the amazing XKCD for the cartoon above. You can find the original here: xkcd.com
Reset your password
If you want to find out how to reset your vWork password please read the article, How do I reset my password?