On this page
What a strong password is
A strong password is difficult for people and computers to guess, and easy for you to remember.
The longer a password is, the stronger it is. You can also use special characters to make it even stronger, such as:
- numbers
- capital letters
- punctuation
- symbols
- passphrases.
Use strong, unique passwords for every account at your school or kura.
Why strong passwords are important
Simple, short passwords are easy to guess.
For example:
- the password “Monkey”, or “yeknoM” can be cracked in 0.4 seconds by a computer
- the password “Monkey_likes_to_fly” would take a computer years to guess.
Using weak passwords across different accounts can make it easy for a cyber criminal to access personal information about your staff or students, like:
- first and last name
- home address
- personal phone number
- learning records
- bank account details.
They can use this information to steal, sell, or destroy identities and important data.
Creating a strong password
Make it long and complex
A password should be a minimum of 10 characters. To make your password complex:
- try to make your password 16 characters or more
- combine random words together to make a passphrase
- use a variation of letters, numbers, and special characters such as @, #, _, &.
Never enter your actual password when testing the strength of it. Only use it to understand how to improve your passwords or passphrases.
Avoid using personal information
Examples of personal information are the name of your school, a pet, or a family member. This information is easily found online.
Keep it unique
Give each user an individual login. Shared accounts make it harder to:
- protect the account from unauthorised access
- trace actions to specific users when there is an issue
- discover cyber intruders
- undo any problematic changes.
Avoid reusing the same password that you have used previously, or that you use for another login. And remember passwords are like toothbrushes – don't share them with other people.
Creating a passphrase
A passphrase is a combination of 4 or more random words and characters. They can be used as a strong password. For example:
- “Purpledishwasherferrymoth”
- “BlueSky!Jumping#Tiger42”
- “Star#Wars$Trilogy99_”
Avoid using common phrases or sayings. Some examples of weak passphrases are:
- “twinkletwinklelittlestar”
- “Weallliveinayellowsubmarine”
- ToBeOrNotToBe”
Securing your logins
Keep your password secure by:
- not sharing your passwords with others
- signing out of your device when you are not using it
- using a password manager.
If you need to, write your password down in a diary or a notebook that nobody else has access to.
Using a password manager application
We recommend using a password manager. A password manager is like a digital notebook inside a vault for all your passwords. Password managers can:
- create strong random passwords or passphrases
- remember your passwords
- autofill your passwords into websites for you
- allow you to only have to remember one extra secure password (your master password) to be able to access the ‘password vault’.
The most popular password manager applications are:
- Keychain (only for iPhones or Google)
- Bitwarden
- KeePass
- NordPass
- 1Password.
Using 2-factor authentication
Two-factor authentication (2FA) adds an extra verification step to access an account or network.
2FA typically requires 2 of the following:
- something you are, such as a fingerprint
- something you know, such as a pin for your phone
- something you have, such as an identification (ID) card.
Even if a cyber criminal has your password, it is much harder to access your account if you’re using 2FA.
What to do if your password is compromised
If you think your password has been stolen, or your account has been accessed by someone without permission, you can:
- reset your passwords and tokens for any sessions you have – this can be supported by your information technology (IT) lead
- report it to your IT lead or the principal and seek further help
- initiate your incident response plan
- contact your bank if you think your payment information might have been accessed.
You can also report the incident to:
- us, so we can reset your accounts such as Education Sector Logon (ESL) and we can inform Education Payroll (EPL)
[email protected] - Network for Learning (N4L) if the password is to N4L services
Get in touch – Network for Learning.
If your password was protecting an account that had personal information, – for example, your email password, or your student management system password, – you need to report it to the Office of the Privacy Commissioner.
Mōhiohio anō
