Skip to main content

Strong Passwords

Use a strong password for your WVU Login account.

Passwords 12-characters or longer that use numbers, capital letters, and symbols are the hardest to crack. Using a high-end graphics processor, it would take approximately six days for an attacker to generate every combination of an 8-character password that uses upper and lower case letters, numbers, and symbols. It would take approximately 89 years to generate every combination of a 10-character password.

While there are other factors that can increase the time it takes to generate password attempts, those factors are outside your control. The length of your password is within your control. Use the following tips to create a strong password for your WVU Login account:

  • Ten characters is good. Twelve characters is even better.
  • Use upper and lower case letters, numbers, and symbols.
  • NEVER use biographical details like your name, username, pet's name, phone number, or other information that people can easily find out about you. The same applies to password-reset questions.
  • DO NOT use common patterns in creating your passwords. Attackers are aware of common substitutions and patterns. Don’t make it easy on an attacker. Substituting ‘$’ for ‘s’ or ‘0’ for ‘o’, capitalizing the first letter in a word, and ending with numbers are very common patterns. “Not4u2n0!” is clever, meets all the requirements and is in every attacker’s password list.
  • DO NOT use a dictionary word. Using a single dictionary word in a password is not sufficient. Attackers have extensive dictionary lists pre-built. If the prepared lists don’t return a match, attackers try every combination of letters, numbers, special characters, and words in a brute force attack. A minimum of five completely random words would be necessary to provide protection from brute force attempts.

Keep your WVU Login password secure.

After you have created a strong password for your WVU Login, be sure to protect it.

  • NEVER share your WVU Login password with anyone.
  • NEVER leave your password where someone can find it. Under the keyboard, taped to the monitor, or taped to the wall is not a good place to keep passwords. If you must write a password down, store it in a locked location.
  • Enroll in two-factor authentication. Instructions to enroll can be found online.
  • NEVER click on links from unknown senders requesting you provide your WVU Login username and password. If you have fallen for one of these phishing scams, go to and change your password immediately..

Use strong passwords at home, too.

  • Create strong passwords for each personal account using the tips provided above and keep those passwords secure.
  • Enable strong authentication on all personal accounts.
  • Consider using a well-reviewed cross-platform password manager that can generate very long complex passwords for every application. Select a product that offers strong authentication. Additional information on password managers can be found at: CSO Online: Top Password Managers Compared and at Consumer Reports: How to Keep Your Online Passwords Safe and Manageable.
  • Password-protect your phone and/or tablet. Mobile devices can reveal a lot of information. Banking applications, password managers, email, social networking, photos and text messages could all be available to strangers and bad guys on an unlocked device.
  • NEVER reuse passwords. Use a unique password for each of your important accounts. That way, if one account is compromised, the attacker won't have immediate access to the rest of your accounts.
  • Change your password regularly. With enough time and resources, an attacker will be able to crack your password. Don’t give them the time.