Skip to Content

Password Protection

UO Password Policy:

  • Follows Oregon state government guidelines
  • Must change every 180 days
  • Must be between 8 and 127 characters in length
  • Must contain at least 3 of the following 4 items: a number, an uppercase letter, a lowercase letter, a special character
  • Must not contain your: Duck ID, email, first name, full name, last name, nick name, or UO ID
  • Must not be one of your last three passwords


  • Don’t use personally identifiable information in your password such as:
    • Name
    • User name
    • Birthday
    • Pet’s name
    • Child’s name
    • Alma mater
    • Hobby keyword
  • Don’t write down your password. If you must store your password somewhere, keep them in a secured location. Password safes such as Dashlane, Lastpass, and KeePass make this task easier. Contact CASIT to set up an appointment to help you install one of these programs.
  • Don’t share your password with other users. University IT professionals WILL NOT ask you for your Duck ID password. (They *may* ask you for passwords for a *local* computer account, which is not tied to your email account.)
  • Don’t allow your browser to save¬†your password in web forms.
  • Don’t use the same password for multiple websites. For example, do not use your Duck ID password for your personal e-mail account, banking account, etc.


Any sequence of characters that satisfies the UO Password Policy and a password that can be easily remembered is recommended.

  • Use numbers, special characters and spaces in your password
  • If using words from a dictionary, use multiple words, not just one
  • Examples:
    • 5 zombies ate my neighbors!
    • 0 rain in Eugene?
    • Strawberry waffles? 1980
    • 1973 Pre was FAST!
    • Chip don’t go! 23
    • Star! Wars! 1977!
  • If you have many passwords that you must remember, use a password safe such as Dashlane, Lastpass and Keepass. CASIT would be happy to assist you in setting up these applications.
  • If if easier to use the same password for some web sites, use the password for sites without sensitive data such as Twitter, blogging sites, news websites.
  • Use different and complex passwords for financial accounts, e-mail, and shopping websites that retain your credit card information.