One of the most common ways hackers gain access to personal information is by cracking passwords. New tools allow attackers to test substantial amounts of password “guesses” on thousands of computers, and it only takes one correct attempt to cause irreparable damage.

Your online accounts – including your GatorLink – hold a plethora of personal information that could allow hackers access to your files, money, or identity, as well as those of your school or employer! Even seemingly inconsequential information can be dangerous in the wrong hands; social engineers can weaponize small details about an individual by using that information for impersonation, thereby gaining access to much more sensitive information.

The first step in protecting yourself from these attacks is following sound password practices. Read on to learn more about the best ways to set and enhance your passwords.

Need to update your GatorLink password? Visit the GatorLink Account Management Portal.

Setting Strong Passwords

There are two main categories of passwords to consider: traditional and passphrases. Both can sufficiently protect your accounts when configured correctly.

Traditional Passwords

The table below shows the estimated time it would take an attacker to guess your password, based upon it’s length and composition. As shown, longer and more complex passwords are strongest.

 Number of CharactersNumbers OnlyLowercase LettersUpper and Lowercase LettersNumbers, Upper and Lowercase LettersNumbers, Upper and Lowercase Letters, Symbols
6InstantlyInstantlyInstantly1 sec5 sec
7InstantlyInstantly25 sec1 min6 min
8Instantly5 sec22 min1 hour8 hours
9Instantly2 min19 hours3 days3 weeks
10Instantly58 min1 month7 months5 years
112 sec1 day5 years41 years400 years
1225 sec2 weeks300 years2k years34k years
134 min1 year16k years100k years2m years
1441 min51 years800m years9m years200m years
156 hours1k years43m years600m years15bn years
162 days34k years2bn years37bn years1tn years
174 weeks800k years100bn years2tn years93tn years
189 months23m years61tn years100tn years7qd years
  • All passwords must contain at least 8 characters, though using 14 or more will make your password hack-resistant
  • Do not contain words found in a dictionary, or the name of any character, person, product, organization, or media
  • Combine uppercase letters, lowercase letters, numbers, and symbols
    • Avoid common substitutions of letters (such as 0 for o, or $ for S), as password crackers know and frequently guess such replacements
  • Make them significantly different than your other passwords
  • Mix up the order; do not put all the symbols and numbers at the end of the password
  • Do not contain anything easily associated with you including:
    • Name
    • Birthday
    • Address
    • Username/ID number
    • Phone number
    • Names and birthdays of relatives and friends
    • Names of your pets
    • Any other information that could be easily found about you, such as what you have posted on your social media accounts

A good idea for creating strong passwords is to combine a letter (or a few letters) from each word of a memorable phrase. For instance:

  • Phrase: His father drove a green 1975 Ford Maverick

Password: HFDaG1975Fd-Mvk

  • Phrase: Jack and Jill have two orange tabby cats named Whiskers and Tuna.

Password: J&Jh2OTcnWs&Ta


Pick four random words,

That's a strong password.

GatorLink accounts can use such passphrases, but not all external websites support them just yet. Additionally, note that the sample above is not completely random and should not be used as a password.

  • Make them difficult to guess, even by someone you know
  • Choose at least 4 words for your passphrase
    • To make your passphrase extremely secure, use at least 6 words
    • Do not worry about the character count of your passphrase, what matters is word count & randomness
  • Make sure the words you choose are sufficiently random and unrelated to each other
    • “TheDogGoesWoof” is a weak passphrase
    • “SparkleShimmerShineDiamond” is also a weak passphrase
  • Make them easy for you to remember
  • Include uncommon words in your passphrase
  • For added security, insert a character or number between two of the words
  • Consider using the Diceware word list (see the Using Diceware section) to create truly random combinations of words

Storing Passwords

Once you have created a strong and unique password, safely storing it is critical. Below are some tips and solutions for the safe storage of your passwords:

Write it Down!

Writing your passwords onto a piece of paper can be a good idea. Just ensure you leave it at home where it is discretely hidden. Protect it as you would a credit card.

Password Managers

An alternative way to store your passwords is through a Password Manager (PM). PMs are applications that allow you to safely store your passwords and encrypt them, making them difficult for attackers to access. Google and Apple provide built-in PMs that are both secure and easy to use.

What Not to Do:

Should you choose to store your passwords digitally, it is important to use a dedicated solution, such as a PM. Storing account logins in a note or text file on one of your personal devices is not recommended, as it may not be secure.

It is important to note that UF policy forbids any digital storage of passwords used for UF business, including GatorLink passwords.

Short Video Explaining Strong Passwords

Next Steps

Setting up a strong password is a great first step in securing your accounts. However, it is not the only step you can take! If you are reading this, you are likely familiar with Multi-Factor Authentication (MFA) with Duo Mobile. UF requires MFA because it helps protect your GatorLink account from phishing emails, password cracking, and other cyber-attacks.

A good idea may be to enable similar MFA methods on your other accounts, including your personal email, bank, and social media accounts. Doing so adds an additional layer of protection. Brainstation has an in-depth guide on using MFA, and the 2FA Directory publishes a list of popular services that support MFA, with links on how to enable each.

For a general guide, check out the brief video below for a tutorial on the process of enabling MFA on your personal accounts:


Configuring MFA on your personal accounts can be a critical choice in protecting your accounts from compromise. It will require some extra effort compared to a password-only login, but in today’s evolving cybersecurity landscape, that effort can make all the difference in protecting your identity, financial information, and even your image.