Password Management Best Practices

Password security is one of the most important steps in keeping your data safe. Davidson College requires your network password to be a minimum of 14 characters in length.  This, along with Duo multi-factor authentication, help reduce the risk of your account being comprised.  Please review our password management best practices below.

Q. How do I create a strong password?
A. A strong password has the following characteristics:

  • Contains a minimum of 14 characters
  • Doesn’t contain your username, personal information, or obvious phrasing
  • Easy for you to remember -- but hard for others to guess!

Q. Is a passphrase a good idea?
A. Yes. Passphrases are highly recommended. A passphrase is a series of words or a phrase that is meaningful to you, but obscure to others. 

Q. What is "credential stuffing"?

A. Credential stuffing is a process by which hackers use a database of known usernames and passwords from previous breaches (i.e. 2016 LinkedIn breach) to log in to other sites using the same credentials. Therefore, it is wise to avoid reusing passwords, especially for sites containing sensitive data.

Q. Should I use a password manager?
A. Yes. Storing passwords on post-it notes allows others to easily access your information. Using a password manager is recommended to avoid recycling passwords and thus falling prey to credential stuffing and phishing attacks. Examples of password managers include LastPass and KeePass. Password managers: 

  • Generate unique passwords so you're not tempted to reuse a few memorized passwords
  • Store all of these less memorable passwords and provide auto-fill
  • Offer two-factor authentication, which requires two different methods of verifying your identity upon password manager login
  • Prevent you from easily providing credentials to malicious actors

Q. Should I ever provide a password/passphrase via email?
A. No. Never share your password or provide your password via email or text message. Davidson will never ask you to provide your password in an email, and no other reputable entity or individual will either.

Q. How do I reset my Davidson password?
A. You can reset your password at https://resetpassword.davidson.edu. If you have forgotten your password and need to recover it, contact T&I for assistance. 

Request Help