Online Security Tips and Resources

Be Safe, Be Smart, Be Secure

Keeping your computer or other networked devices secure will help protect your personal information from online threats. Taking steps to secure your device is required by the campus - read Berkeley's Minimum Security Requirements for Networked Devices policy

Set a Strong Password

A weak password is what hackers look for first. Stay one step ahead.

One of the campus Minimum Security Requirements is having a strong administrator password on all your devices. In reality, every password for every account of every site must be a strong one since passwords are meant to protect your personal and private data. Don't make it easy for anyone to guess or crack your password!

This guide will help you better understand the importance of strong passwords, and how you can better create and remember them.

How do I keep track of all my passwords?

It's difficult to remember multiple passwords. These applications can also automatically fill in password fields for you whenever you log in to an account. This way you only need to remember one strong master password that safeguards your password vault.

However, you may want to keep extremely sensitive passwords - for bank accounts, online shopping sites that have your bank account information, and your CalNet passphrase - separate from all the other passwords Lastpass or Keepass manage. This way, if a hacker manages to crack your master password, they do not also gain access to these other important accounts. Remember to make your master password as strong and secure as possible, and different from all your other important passwords.

The moral of this story is: Be very smart and careful regarding what you do on the internet. There's only so much a password can protect. Make sure that your password is a tough one.

How easily can someone crack a password?

When creating passwords, people generally care more about memorability than security. Too many people have passwords like ‘1234’ or ‘password’ or ‘iforgot’. A hacker would guess these passwords first as they are the most commonly used.

But even if your password is much more creative than ‘1234’, and even if you are clever enough to have a different password for all your different accounts, it may still be very easy for your password to be cracked if it is still too simple.

This table (taken from this article from illustrates how long it would take for a normal computer to brute force guess passwords of different length containing different kinds of characters.

Password Length 

All Characters

 Only Lowercase

3 characters

 .86 seconds

.02 seconds

4 characters

 1.36 minutes

 .046 seconds

5 characters

 2.15 hours

 11.9 seconds

6 characters

 8.51 days 

5.15 minutes

7 characters

 2.21 years

2.23 hours

This is assuming these passwords are completely random gibberish and comprise of no recognizable dictionary words. Hackers like to accumulate large dictionaries that contain many different combinations of words and phrases that could possibly be part of a password. If any part of a password matches up with an entry in that dictionary, the rest of the password will be easier for the computer to guess and take even less time to crack.

Other ways someone might get a hold of your password are:

  • Your password hint is too obvious (it's better to refrain from providing a password hint if given the option).
  • You've written your password down somewhere for someone to see it.
  • Your password is short enough or your keystrokes are simple enough for someone to watch you type it in and remember it.
  • You login to someone else’s computer and they have some kind of keylogger that saves your password so they can login with it later.

Do your best to avoid these things. Remember, people can be sneaky. Always be wary when it comes to passwords.

What makes a good password?

As demonstrated above, longer passwords with a variety of characters and containing no dictionary words are less likely to get cracked.

As some good rules of thumb, it's best for a password to:

  • Be at least eight characters long
  • Have a combination of uppercase and lowercase letters
  • Have numbers and symbols
  • Be unique to all other passwords, usernames, logins, etc.
  • Not include dictionary word
  • Not be a keyboard pattern (e.g. 1234, asdf, qwerty)
  • Never reuse a password. Protect the integrity of each account by generating a new password for every one. If you’re having trouble coming up with a new secure password, StrongPasswordGenerator, and other sites like it can generate a new password for you. Strongpasswordgenerator even provides a mnemonic to help you remember it. However, it is always better to try to come up with a good password on your own. That way your password is a little more unique, and a lot more meaningful to you.

Enable Auto-Updates

You can prevent hackers by keeping your device's operating system updated. To make sure updates happen automatically:

In  Windows

  • Open Windows Update by clicking the Start button, and then clicking Control Panel.
  • In the search box, type update, and then click Windows Update.
  • In the left pane, click Change Settings. Select an option that best fits your needs.

On a Mac

  • Open System Preferences and click on App Store.
  • Check Automatically Check for Updates and Install System Data Files and Security Updates.


  • iOS: Go to Settings → iTunes & App Store, then under Automatic Downloads, slide Updates to the right to turn on this feature


  • Go to the Google Play Store, tap the Menu button and go into Settings → Auto-update apps.

Protect Your Device

Protect your device by downloading antivirus software & being cautious with web browsing. 

Be Safe Online

Here are some safe browsing tips for online browsing and social media. Guard against dangerous network traffic. Turn on your firewall. 

Sign up for the Information Security newsletter for quarterly updates and cybersecurity tips!

Enroll in CalNet 2-Step Verification to secure your device.

The bSecure Remote Access VPN (Virtual Private Network) service allows students to securely access the UC Berkeley network from outside of campus as if they were on campus and encrypts the information sent through the network.

Read about how your data is collected, used, and analyzed through bCourses.