dialogFor a better experience on Information and Communications Technology Authority (ICTA), update your browser.

Password Guidelines

Consumer Password Guidelines


The following information is general in nature.  It is provided for guidance purposes only and should not be taken as providing a legal interpretation on any of the issues discussed.



1.              Overview

Passwords are a critical component of information security. Passwords serve to protect user accounts (email, bank, etc); however, a poorly constructed password may result in the compromise of those accounts.


2.              Purpose

The purpose of this guideline is to provide consumers with some suggested best practices for the creation of potentially strong passwords.


3.              Scope

This guideline may be applied to all types of passwords including but not limited to web accounts, e-mail accounts, screen saver protection, voicemail and online bank accounts.


4.              Statement of Guidelines

When setting your password or passphrase, you may want to consider the following:


4.1  Passwords to have the following characteristics:

•    Contain at least 8 alphanumeric characters.

•    Contain both upper and lower case letters.

•    Contain at least one number (for example, 0-9).

•    Contain at least one special character (for example, !$%^&*()_+|~-=`{}[]:";'<>?,/).


It is recommended not to write down your password. Instead, try to create passwords that you can remember easily. One way to do this might be to create a password based on a song title, affirmation, or other phrase.


For example, the phrase, "This May Be One Way To Remember" could become the password TmB1w2R! or another variation.


4.2  Passphrases generally are used for public/private key authentication.

A public/private key system defines a mathematical relationship between the public key that is known by all, and the private key, that is known only to the user. Without the passphrase to unlock the private key, the user cannot gain access.


A passphrase is similar to a password in use; however, it is relatively long and constructed of multiple words, which provides greater security against dictionary attacks. Strong passphrases are likely to follow the general password construction guidelines set out above, to include upper and lowercase letters, numbers, and special characters (for example, TheTrafficOnThe101Was*&!$ThisMorning!).


(NOTE: It is suggested not to use either of the above examples as passwords!)