
Use Secure Passwords & MFA


Stump the chumps. Create strong passwords and use Multifactor Authentication (MFA).

Your password tells us that you are who you say you are.

A bad password keeps scammers in your rearview mirror. A better password places them in another state.

The best passwords use Multifactor Authentication (MFA). This one-two punch adds a layer of protection, making it almost impossible for them to catch you.



Power up your passwords!

Passwords 101

Ready for secure password news you can use? Check out these helpful tips to maximize your online password security.

Boost your password security

MFA: Here, there, and everywhere

Do you know that Multifactor Authentication can be used both at work and for your personal use? Learn more about how you can protect more than just your Yale data and systems.

Learn about using MFA at Yale and at home

Using Password Managers

Whenever possible, Yale uses Single Sign-On (SSO), aka CAS log-in, which allows you to sign on with your NetID and password. But what about managing all your non-work passwords? Get the scoop!

Make managing your passwords easy

Passwords 101


Use strong passwords for all accounts

  • Create passwords that contain 12 or more characters
  • Use a passphrase, where possible. A passphrase is a string of words with spaces, for example:
    • My motto is lux et veritas
    • I have the biggest dog on my street
  • Include special characters (such as @ ! * %) if the password is less than 12 characters in length
  • Do not use the same password for different accounts

Information to avoid

  • The names or initials of you, your children, pet, partner, or celebrities
  • Numbers like your birthday, anniversary, or important years
  • Letter or number sequences (e.g., 1234, qwerty, abcd)
  • Personal information like your email, phone number, or address

Remember: Yale ITS will never ask for your password by phone or email. If you believe someone has stolen your password or there has been unauthorized access to your NetID account, report it immediately.

Changing your NetID password

You can change your NetID password at any time, a simple process that only takes a few moments.

Password hygiene


Do

  • Use a unique password for each site you log into.
  • Consider using a password manager to keep all your passwords in one place.
  • Use a passphrase that is long but easy to remember. This way you don't have to write your password down.

Don't

  • Re-use your NetID password on non-work-related websites such as Amazon or Facebook.
  • Display your password in a location where others can find it—this happens more than you think!
  • Share your password with anyone. Your password is your business. Yale ITS will never ask for your password by phone or email.
  • Include your NetID in your passwords. Your NetID password cannot contain your NetID.

Did you know that the most commonly used passwords are easy to hack?

Check out this list and be sure you’re not using these easy-to-crack passwords on any of your Yale or personal accounts.

Top 200 most common passwords
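
The password rules above (length, special characters, sequences, personal information, NetID, common passwords) can be checked mechanically. The following Python check is an added example, not Yale's own code; the function names, the sample NetID used with it, and the short common-password set are constructed for illustration.

```python
import re

# Constructed sample; a real check would load a full common-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty123", "iloveyou", "letmein"}
# Digit, alphabet and keyboard rows scanned for runs such as 1234, qwerty, abcd.
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
SPECIAL = re.compile(r"[^A-Za-z0-9\s]")


def has_sequence(password: str, run: int = 4) -> bool:
    """True if the password contains a forward or reversed run of `run` characters."""
    lowered = password.lower()
    for seq in SEQUENCES:
        for i in range(len(seq) - run + 1):
            chunk = seq[i:i + run]
            if chunk in lowered or chunk[::-1] in lowered:
                return True
    return False


def check_password(password: str, netid: str, personal: tuple = ()) -> list:
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    # Rule: 12 or more characters, or special characters if shorter than 12.
    if len(password) < 12 and not SPECIAL.search(password):
        problems.append("shorter than 12 characters with no special character")
    # Rule: the NetID password cannot contain the NetID.
    if netid and netid.lower() in lowered:
        problems.append("contains the NetID")
    if lowered in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    if has_sequence(password):
        problems.append("contains a letter or number sequence")
    # `personal` holds names, years, phone numbers etc. supplied by the caller.
    for item in personal:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains personal information")
            break
    return problems
```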

MFA: Here, There & Everywhere!


Boost security on the sites you access

MFA adds a second layer of security to your accounts. It makes it more difficult for hackers to sign in — even if they know or guess your password.

Yale’s easy-to-use MFA tool is DUO. Find out more about DUO/MFA for a more secure Yale, what this means for you, and where you can get help.


Don’t fall for multi-factor hijacking

Did you know cybercriminals will try to get you to approve MFA requests or provide your MFA credentials? This is called MFA hijacking and can be a sign that your NetID account is compromised.

If you suspect your NetID account has been compromised, call the Yale Information Security 24x7 number: 203-627-4665.

Here are a few tips to avoid MFA hijacking and keep bad actors out of your accounts.

  • Only approve MFA requests when you are actively logging in to Yale IT Systems.
  • Be wary of frequent or unexpected DUO requests.
  • Remember that DUO authentication is typically only required once every 90 days.

Did you know you can use MFA for your personal accounts?

This can include online retailers, bank accounts, retirement accounts, and email accounts.

Using Password Managers


What is a password manager?

A password manager is exactly what it sounds like: an application to store and manage your passwords. This can simplify remembering your many different passwords for different accounts. But how do you know those passwords are secure?

Secure password managers use encryption for secure storage. Encryption “locks” the data by converting the stored passwords into unreadable code. The passwords you store can only be unlocked using one master password. 


Can you recommend a password manager?

While Yale doesn’t endorse any one password manager for personal use, we encourage you to review recommendations by PC Magazine for their favorites.

This helpful article recommends password managers for different uses and includes features and prices.

Read password manager recommendations

Did you know using a password manager can also help you avoid entering your credentials on fraudulent websites?

A password manager automatically populates your passwords on websites where you’ve saved a password. If you believe you’re on a website for which you’ve saved a password but your credentials don’t automatically populate, it’s probably a fake website designed to steal your credentials!
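
Why autofill stays silent on a fake site: the manager compares the page's origin with the one saved alongside the password, and a look-alike address does not match. The following Python code is an added example, not taken from any particular password manager; exact scheme, host and port matching is an assumption, and the domain, username and vault are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed vault: saved origin -> username. The domain is a placeholder.
VAULT = {("https", "login.example.edu", 443): "netid-user"}
DEFAULT_PORTS = {"https": 443, "http": 80}


def origin_of(url: str):
    """Reduce a URL to (scheme, host, port), the triple compared before autofill."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        # .hostname drops any "user@" prefix and lowercases the host.
        host = (parts.hostname or "").rstrip(".")
        # Compare the ASCII (punycode) form so look-alike Unicode letters
        # never equal the saved ASCII host.
        host = host.encode("idna").decode("ascii")
        port = parts.port or DEFAULT_PORTS.get(scheme)
    except ValueError:  # malformed port or un-encodable host
        return None
    if not host or port is None:
        return None
    return (scheme, host, port)


def autofill_for(url: str):
    """Return the saved username only when the page origin matches exactly."""
    return VAULT.get(origin_of(url))
```

A saved entry fills on the real sign-in page but returns nothing for a different host, a host that merely starts with the real name, an unencrypted `http` page, or a name spelled with look-alike characters.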

Additional resources to build your cyber muscles!