Create Strong Passwords

Successful cyberattacks often start with a hacker using an automated system to rapidly “crack” passwords. Your password strength can be the difference between a successful or unsuccessful attack against UT Southwestern or your personal account.

UT Southwestern uses multifactor authentication as an additional layer of protection against password compromises to prevent unauthorized users from gaining access to your account.

Use Longer Passwords

Longer passwords are exponentially harder to crack. UT Southwestern requires passwords with a minimum of 10 characters or more, but the more characters used, the more secure we will be, as shown in the Password Vulnerability Statistics table below.

Password Vulnerability Statistics

Time it Takes a Hacker to Brute Force Your Password
Number of Characters Numbers OnlyLowercase LettersUpper & Lowercase LettersNumbers, Upper & Lowercase LettersNumbers, Upper & Lowercase Letters, Symbols
4 Instantly Instantly Instantly Instantly Instantly
6 Instantly Instantly Instantly 1 second 5 seconds
8 Instantly 5 seconds 22 minutes 1 hour 8 hours
10 Instantly 58 minutes 1 month 7 months 5 years
12 25 seconds 3 weeks 300 years 2K years 34K years
14 41 minutes 51 years 800K years 9M years 200M years
16 2 days 34K years 2B years 37B years 1TN years
18 9 months 23M years 6TN years 100TN years 7QD years
Data Source: Hive Systems

Additional UTSW Security Controls

UT Southwestern uses additional security controls for password protection such as internal weak password cracking and resets, multifactor authentication, and compromised credential monitoring.

Password Tips and Basics

  • Keep It Unique to UTSW
    Do not use your UT Southwestern password for any other online services.
  • The Longer the Better
    Your secret password trick probably isn’t very clever. Consider using a long passphrase containing uppercase and lowercase letters, numbers, and symbols instead of a password.
  • Build a Passphrase
    An easy way to build a passphrase is to use four or more words together to create the phrase. Passphrases provide a good way to compose strong, lengthy passwords that are easier to remember, type, and are naturally complex.
  • If Compromised, Change Immediately
    Always change your password after any suspected password compromise (e.g., a computer virus, a successful phishing attempt, etc.)
  • No Sharing
    Sharing user IDs or passwords is strictly forbidden.

Related Terms & Definitions

Multifactor Authentication
An authentication method that uses two or more credentials to validate a user’s identity, rather than relying on just a simple username and password combination. If the password becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the system.
Phishing
Malicious emails designed to gain access to systems by stealing system credentials or to reveal sensitive data such as financial and healthcare records.

Questions about security awareness?

Office of Information Security
informationsecurity@utsouthwestern.edu