On this page
What a strong password is#
A strong password is difficult for people and computers to guess, and easy for you to remember.
The longer a password is, the stronger it is. You can also use special characters to make it even stronger, such as:
- numbers
- capital letters
- punctuation
- symbols
- passphrases.
Use strong, unique passwords for every account at your school or kura.
Why strong passwords are important#
Simple, short passwords are easy to guess.
For example:
- the password “Monkey”, or “yeknoM” can be cracked in 0.4 seconds by a computer
- the password “Monkey_likes_to_fly” would take a computer years to guess.
Using weak passwords across different accounts can make it easy for a cyber criminal to access personal information about your staff or students, like:
- first and last name
- home address
- personal phone number
- learning records
- bank account details.
They can use this information to steal, sell, or destroy identities and important data.
Creating a strong password#
Make it long and complex#
A password should be a minimum of 10 characters. To make your password complex:
- try to make your password 16 characters or more
- combine random words together to make a passphrase
- use a variation of letters, numbers, and special characters such as @, #, _, &.
Never enter your actual password when testing the strength of it. Only use it to understand how to improve your passwords or passphrases.
Avoid using personal information#
Examples of personal information are the name of your school, a pet, or a family member. This information is easily found online.
Keep it unique#
Give each user an individual login. Shared accounts make it harder to:
- protect the account from unauthorised access
- trace actions to specific users when there is an issue
- discover cyber intruders
- undo any problematic changes.
Avoid reusing the same password that you have used previously, or that you use for another login. And remember passwords are like toothbrushes – don't share them with other people.
Creating a passphrase#
A passphrase is a combination of 4 or more random words and characters. They can be used as a strong password. For example:
- “Purpledishwasherferrymoth”
- “BlueSky!Jumping#Tiger42”
- “Star#Wars$Trilogy99_”
Avoid using common phrases or sayings. Some examples of weak passphrases are:
- “twinkletwinklelittlestar”
- “Weallliveinayellowsubmarine”
- ToBeOrNotToBe”
Securing your logins#
Keep your password secure by:
- not sharing your passwords with others
- signing out of your device when you are not using it
- using a password manager.
If you need to, write your password down in a diary or a notebook that nobody else has access to.
Using a password manager application#
We recommend using a password manager. A password manager is like a digital notebook inside a vault for all your passwords. Password managers can:
- create strong random passwords or passphrases
- remember your passwords
- autofill your passwords into websites for you
- allow you to only have to remember one extra secure password (your master password) to be able to access the ‘password vault’.
The most popular password manager applications are:
- Keychain (only for iPhones or Google)
- Bitwarden
- KeePass
- NordPass
- 1Password.
Using 2-factor authentication#
Two-factor authentication (2FA) adds an extra verification step to access an account or network.
2FA typically requires 2 of the following:
- something you are, such as a fingerprint
- something you know, such as a pin for your phone
- something you have, such as an identification (ID) card.
Even if a cyber criminal has your password, it is much harder to access your account if you’re using 2FA.
What to do if your password is compromised#
If you think your password has been stolen, or your account has been accessed by someone without permission, you can:
- reset your passwords and tokens for any sessions you have – this can be supported by your information technology (IT) lead
- report it to your IT lead or the principal and seek further help
- initiate your incident response plan
- contact your bank if you think your payment information might have been accessed.
You can also report the incident to:
- us, so we can reset your accounts such as Education Sector Logon (ESL) and we can inform Education Payroll (EPL)
[email protected] - Network for Learning (N4L) if the password is to N4L services
Get in touch – Network for Learning.
If your password was protecting an account that had personal information, – for example, your email password, or your student management system password, – you need to report it to the Office of the Privacy Commissioner.
Mōhiohio anō
