We use a modern, simple, and secure password system.
Your password requires 8 characters or more. You can include your choice of upper and lower case letters, symbols, numbers, and spaces. We'll let you know how strong the password you generate is at the time you create it and won't allow it if it is easy to guess (like password123).
Note: our passwords are case-sensitive.
How to create a good password
The best passwords are long, memorable, and hard for a computer to guess. We recommend you use a password generator to create and save your passwords; but if you prefer to create your own, here are some guidelines to help you make a strong password.
Common password mistakes
Common mistakes people make when creating passwords are:
- using common words or number sequences, for example, password, default, blank, and 12345.
- using things that are easy to identify, such as your last name and birth year, the name of your pet, or the names of your children or partner.
- having a short password such as "b1rthd4y" where you mix numbers and letters in a single word and use common number substitutions for letters.
- creating a password so complex you need to write it down to remember it.
How to avoid password mistakes
A better option is to select a long and obscure password that mixes letters, numbers, and cases - but is still easy for you to remember. You could use a phrase that means something to you and get creative with it. Some examples are (don't use these, we recommend you make up your own):
- 2BorNot2B_THATisThe? - To be, or not to be, that is the question - from Shakespeare
- Eye was B0rn di5 w4y - I was born this way - Song by Lady Gaga.
- ghost JUMP jelly Legs - Random words to someone else that mean something to just you.
- My mother eats purple Emus for brunch every Tuesday. - A nonsensical but easy-to-remember sentence with a few capital letters thrown in.
The great thing about these passwords is that they are easy to remember but really hard for a computer to guess.
The best solution
Use a different password for all of your accounts. If you use the same password everywhere, all of your accounts become vulnerable when a password database is leaked.
Subscribe to a service like Have I Been Pwned? which will tell you when your email is included in a leaked password database. It happens more often than you think.
Why don't we limit passwords to 8 characters and insist on using symbols?
The old-style passwords where you are given a set of rules such as, use 8 characters with at least 1 capital letter, 1 number, no spaces, and a symbol, like $%^&, give computers a nice set of rules to work with. These passwords are easy for modern machines to guess and difficult for most people to remember.
Our password requirements are based on the premise that the only 'true' security, in password generation, is length. Based on length alone, it will take longer for a computer to brute force an attack.
Credit to the amazing XKCD for the cartoon above. You can find the original here: xkcd.com