Many computers set an eight-character minimum for your password length. Even if yours doesn't it's good to meet this recommendation. The longer your password, the more secure it will be.

Always use a combination of upper- and lower-case letters and include special characters such as '~!@#$%^&*()-_=+{[]}\|`";:,/?.

Do not base your password on any items of personal information (e.g. PID, Social Security number, street address, birthdays, names of family members, etc.).

Do not attempt substitutions of numbers or characters that look like the letter they replace (e.g. C@R0L!N@ for CAROLINA); sophisticated password-cracking programs try these combinations as well.

For stronger passwords, avoid words or combinations of words that could be found in an English dictionary, such as "ChapelHill".

For best passwords, experts recommend acronyms for unusual phrases that you invent. An example would be the password "~2myuT$!" for "About 2 more years until Tenure $alary!"

Change your password often, and do not write it down anywhere close to your computer.

Don't reveal a password over the phone to ANYONE, including computer support personnel. Support personnel should never initiate a call requesting a password.

Don't reveal a password in an email message.

Don't reveal or talk about a password to anyone, including co-workers or family members.

Don't hint at the format of a password (e.g. "my favorite pet.")

Don't reveal a password on questionnaires or security forms.

Don't use the "Remember Password" feature of applications (e.g. Mozilla Firefox, Mozilla Thunderbird, Internet Explorer, or Outlook).