Password Strength Tips & Tricks

Your password for your account is, in most cases, the only thing standing between a hacker and your personal information. As such, having a strong and secure password is essential - but how do you make a password as strong as possible? 


Common problems with passwords

For many of us there is a difficult balance to strike between choosing a secure password and one that you can easily remember. We are often told that a secure password contains a mixture of lower and uppercase, numbers and symbols, but a password such as "tH7&!me" is easy to forget. The alternative of using simple words like "elephant" is much easier to keep track of but also incredibly simple for a malicious attacker to guess.

The crucial aspect of strengthening a password is its length. A long password, just like a long string of numbers, is harder to guess, regardless of the complexity.

 

Comparison of different password strengths

Below you will find a few example passwords, each with their own strengths and weaknesses for comparison.

Please note that these are listed as examples only, and are not intended to be copied for personal use.


Password1: Passwords that are simply "password" (or variations of) are surprisingly (and worryingly) common. This variation is easy to remember, and contains one of the "common" rules of strong passwords - a mix of upper and lower case and a numerical character. 

However, the easy-to-remember format of these characters is also incredibly predictable for hackers. They will almost always try capitalising the first character of a password, as well as adding the numbers 1, 12 or 123 to the end. This is because many accounts require a user to add numbers and a mix of upper and lower case characters, at which point the user adapts their existing password in the simplest way possible to fit the criteria required. This kind of password is highly insecure.


happypixiemoondance: At first glance this example might appear absurd, but it is in fact probably one of the strongest of the examples listed here - purely due to its length. As mentioned previously, the longer your password is, the more combinations of letters and characters a hacker has to guess in order to gain access to your account. However, it is also crucial to ensure that the words are chosen at random, or at the very least are not words commonly associated with each other - the words in "carparkingticketstreet", for example, all share a common link, making them easier to guess when used together.

Whilst this example breaks one of the golden rules of passwords, which is to avoid the use of dictionary words, by combining several words at random you can regain password security whilst maintaining memorability. 

This kind of password may not be appropriate for all sites as many enforce at least one upper and lower case character, one number and one symbol. You can add such elements if necessary by, for example, capitalising the last letter of each word or separating the words with a certain number.

 

2bon2btit?: Derived from the phrase "To be or not to be, that is the question" using a simple translation, taking the first letters of each word and translating certain sounds into numbers and symbols. It has the best of all worlds - memorable but also possessing high entropy from including a mix of characters. This works best with a sentence, quote or lyric of at least 10 words.

 

There is another tactic of taking any random character on the keyboard and repeating it 20+ times and combining it with any other random character from a different class: 

%%%%%%%%%%%%%%%%%%%%p is a relatively strong password and actually very memorable. 

 

The Three Golden Rules of Good Passwords

- Never use a dictionary or other common word by itself or even with slight variations.

- Always choose a password of sufficient length - many websites recommend at least 8 characters, but ideally you should aim for 12 or more for a higher level of entropy.

- Make sure your password is memorable - a password is of no use to you if you cannot remember it or if you have to write it on a piece of paper.

If you want to check how secure your password is, you can use an online tool (such as: http://password-checker.online-domain-tools.com/ ) to find out roughly how long it would take a hacker to guess your password.
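A check of this kind can also be run locally, so the password never leaves your machine. The following is an added example, not part of the original article: it flags common words dressed up with the predictable changes described above and compares length against complexity. The function names and the small COMMON_BASES list are constructed for illustration.

```python
import math
import re
import string

# Constructed sample list; a real check would load a large list of leaked passwords.
COMMON_BASES = {"password", "elephant", "qwerty", "letmein", "welcome"}

def strip_predictable_variations(password: str) -> str:
    """Undo the habits the article describes: trailing digits (1, 12, 123)
    are removed and lower-casing cancels a capitalised first letter."""
    return re.sub(r"\d+$", "", password).lower()

def is_common_variation(password: str) -> bool:
    """True if the password is a common word once those changes are undone."""
    return strip_predictable_variations(password) in COMMON_BASES

def brute_force_bits(password: str) -> float:
    """log2(alphabet ** length): an upper bound that assumes every character
    was picked at random. Dictionary words score lower against a word-based
    guesser, which is why the article asks for randomly chosen words."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    # Only ASCII classes are counted; other characters add length but no alphabet.
    alphabet = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def assess(password: str) -> str:
    if is_common_variation(password):
        return "reject: common word with predictable changes"
    if len(password) < 12:
        return "short: under the 12 characters the article suggests"
    return f"ok: about {brute_force_bits(password):.0f} bits against brute force"

if __name__ == "__main__":
    # The article's own examples, used here only as illustrations.
    for candidate in ("Password1", "tH7&!me", "happypixiemoondance"):
        print(f"{candidate!r}: {assess(candidate)} "
              f"({brute_force_bits(candidate):.1f} bits upper bound)")
```

The 19 lowercase letters of the passphrase give a larger brute-force search space than the 7 mixed characters of "tH7&!me", which is the article's point about length.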

Service News

Updated 83 days ago

Problems reported sending emails via Gmail account

14:01 on 10th Jan

We are aware of an issue affecting some users sending emails using a Gmail account when changing the 'Send As' address to the service email address. As the emails are not being sent via our servers they do not include a DKIM signature, which can result in failed authentication checks. This can then result in the receiving server rejecting the email or marking it as spam. This can be resolved by sending emails via our servers using one of the following methods:
  1. Send emails using our Webmail program
  2. Add your service email address to Gmail using SMTP
Please note: SMTP is not included with Free Webmail accounts. You can check which of our email packages you are using by logging into your account and going to the My Account page (see button in the top right of Webmail). If you wish, you can upgrade an account so that it includes SMTP by doing the following:
  • Go to the My Account page
  • Click See Upgrades, select a package or bolt on and proceed to checkout.
If you have any questions or need any assistance, please feel free to contact our Helpdesk at help@aluminati.net and we will be happy to help.

Spam/Phishing email warning

13:31 on 14th Nov

We have been notified about a new spam/phishing email. This email has the subject 'Mail Deactivation Alert' and states 'unconfirmed emails will be closed due to the new privacy security update'. It includes an 'Upgrade Now' link to avoid account closure.
 
This is not a legitimate email from the university or the support team which manages your email service.
 
Please do not follow any of the instructions or click the link in this email.
 
If you have not followed any of the instructions or clicked on a link in this email, please feel free to delete the email. If you have, as a precaution, we recommend you immediately change your password and run a virus scan on your device.
 
Should you need any support please contact our helpdesk team at help@aluminati.net who will be happy to help.
 
You can also check our guide on identifying scam and phishing emails here: https://www.pidgeme.com/content/help/help.php?showarticle=6232
 
Please be assured that our system administrators are constantly working on preventing such emails as part of their ongoing email security efforts.
 
If you are ever unsure about the legitimacy of an email, please contact our helpdesk at help@aluminati.net who will be happy to check it for you.