Skip Navigation

Password Protection Tips

  • Do not write your password down and leave it near your computer.  It is very easy for someone to steal your password if it is written down near your computer.  Even if it is not in plain sight, someone who is looking for passwords is going to look under your keyboard or mousepad first.  If you need a reminder, just write down a short clue, or store the written password in a locked and secure place.

  • Don't share your password with ANYONE. Not with family, trusted friends, co-workers, or anyone claiming to be from another part of Johns Hopkins.  Each password should be used by only one person, and each person should have their own unique password that no one else knows.

  • Don't use the same password for everything.  Using the same password for everything is like using the same key for your office, home, car, bicycle, gym locker, etc.  If your password is stolen, the "bad guy" will have access to all of your accounts and personal information.   Consider using a password manager.

  • Use a strong password.  Be creative.  Passwords should be longer than 8 characters and include upper- and lower-case letters, numbers, and symbols.  Consider using a passphrase instead of a password.  A passphrase is a short phrase or sentence whose length provides added security.  The benefit of a passphrase is that it is usually easier to remember than a complex password.  An example of a passphrase is:  My d0ggi3 i5 C()te!    Consider using a password manager.

  • Don't give your password over the phone to anyone claiming to be from the HelpDesk or Technical Support.  No one from IT @ JH should ever need you to provide your password in order for them to be able to troubleshoot a problem.
  • Set up password recovery options and keep them up to date.  Many sites, including Johns Hopkins, use secret questions, alternative recovery email addresses, or mobile phone numbers, to utilize if you forget your password or get locked out.  Some sites will use your pre-configured alternate email address to send you a link to click to change your password.  Be sure to set up these recovery methods and verify them periodically to ensure that they are still accurate.  Use secret questions whose answers you will always remember.

  • Use a password manager.  It is not easy to use and keep track of a unique complex password or passphrase for every account and website you visit.  Password managers store all of your login information for your websites and help you log into them automatically.  The database of all of your passwords is encrypted with one master password, and that is the only one you need to remember.