Penn Computing
Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

Password Selection

Basic password selection rules

Passwords must be:
  • At least 8 characters.
Password must NOT be:
  • All uppercase or all lowercase. (Examples: ivyleague, IVYLEAGUE, and jklasdf are not valid passwords.)
  • Your PennKey username; your first, middle, or last name; or any variation thereof.
  • Based on a dictionary word.
    • "Dictionary" does not simply mean a standard English language dictionary — it also includes foreign language dictionaries and all kinds of specialized dictionaries that hackers use to crack passwords.
    • Embedding a number or case-shift within a word does not make a valid password. Systematic password guessing attacks are sophisticated and will routinely 'crack' such passwords. (Examples: time2go, big$deal, ivyLeague, 2morrow, money$, and Ivyleague are not valid passwords.
  • Composed of all numbers. Embedding decimal points, minus signs, or plus signs within a number does not make a valid password. (Example: 1-609-555-1212 is not a valid password.)

Selecting a Strong Password

  1. Think of a phrase that has special meaning only to you, or conversely that no one would suspect would have any meaning to you:
    Chester Arthur was the twenty-first President of the United States!
  2. Take the first letter of each word (maintaining case) to "assemble" your password:

This is a pretty strong password, and not hard to remember if you keep the source prhase in mind. You can make it even stronger by including the punctuation and "tweaking" it a little:


Of course, since that password is published here, don't use it as your password! For additional guidance, see Managing Passwords and Passphrases.


Information Systems and Computing
University of Pennsylvania
Comments & Questions

University of Pennsylvania Penn Computing University of Pennsylvania Information Systems & Computing (ISC)
Information Systems and Computing, University of Pennsylvania