Skip to Content

Password Security

Passwords are the first line of defense against break-ins to your online accounts and computer, tablet, or phone. Poorly chosen passwords can render your information vulnerable to criminals, so it’s important to make your passwords strong. Below are some informational tips on how to create a password. 

A strong password:

- has at least 15 characters
- has uppercase letters
- has lowercase letters
- has numbers
- has symbols, such as ` ! " ? $ ? % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | \ < , > . ? /
is not like your previous passwords
is not your name
is not your login
is not keyboard pattern, such as qwertyasdfghjkl, or 12345678 
- is frequently changed 
- is never shared
- is easy to remember, but difficult for others to guess

Additional Features that should be utilized

Many organizations are beginning to use other forms of verification in addition to passwords. The following practices are becoming more and more common:

  • two-factor authentication - With two-factor authentication, you use your password in conjunction with an additional piece of information. An attacker who has managed to obtain your password can't do anything without the second component. The theory is similar to requiring two forms of identification or two keys to open a safe deposit box. However, in this case, the second component is commonly a "one use" password that is voided as soon as you use it. Even if an attacker is able to intercept the exchange, he or she will still not be able to gain access because that specific combination will not be valid again.
  • personal web certificates - Unlike the certificates used to identify websites, personal web certificates are used to identify individual users. A website that uses personal web certificates relies on these certificates and the authentication process of the corresponding public/private keys to verify that you are who you claim to be. Because information identifying you is embedded within the certificate, an additional password is unnecessary. However, you should have a password to protect your private key, so that attackers can't gain access to your key and represent themselves as you. This process is similar to two-factor authentication, but it differs because the password protecting your private key is used to decrypt the information on your computer and is never sent over the network.

cyber crimes

Cyber Threats

Make sure to NEVER forget ANY of your password or share it with anyone, which could lead to identity theft , your network being hacked,  phishing attacks  and  social engineering  to name a few. See our  Cyber Threats  page to be better informed on the subject.

In Texas State's Self Service page, Banner, you have the option to grant a proxy (such as a parent, spouse, etc.) access to your student information. In any instance where you grant a third-party access to your account, it is very important to implement strong security controls:

  • Know the Email Address You're Granting Access To: It's critical to understand what type of email account it is and how secure it is. You do not want to accidentally grant access to a shared mailbox, or worse, to the wrong address.
  • Use a Combination of Letters and Numbers for Your Password: Create at least an 8-digit password with both letters and numbers.
  • If Character Sets are not an Option, Increase the Length: Some websites may not let you use symbols and/or restrict you to only a numeric PIN. In this case, you should always increase the length of your PIN. It is recommended to use more than 16 but NEVER use less than 8.
  • Use "Safe Browsing" and Always Clear History: All of the popular web browsers now include some type of "Safe Browsing" or "Private Browsing" feature. This means webpages you visit and files downloaded will not be recorded into the history on your machine. In addition, all cookies will be deleting once you close your browsing window. Browsing history and cookie information may be exploited by hackers to gain unauthorized access into your account.  Visit our Browser Security page to see information on how to set this up.