Accessibility mode is enabled

Skip to Top / Tab to View Menu Options
Skip to Left Navigation / Tab to View Content

Password Passphrases

The City of Sacramento has adopted the use of a strong computer password to ensure a safe computing environment.  If a password falls into the wrong hands, a cyber criminal can impersonate you online, access your bank or credit card accounts, and engage in other malicious activity detrimental to the organization.  Setting up a Passphrase can help you secure your information better and is usually easier to remember that a cryptic password.  

Role of passwords

The role of a password is to prevent unauthorized access to data just as a key prevents unauthorized access to a house or apartment. A password should be guarded with the same care as the key to a house or apartment. The hardest part of choosing a password is making it difficult for others to guess but easy for you to remember. Writing down passwords or saving your password/passphrase on paper can be dangerous. 

Passphrases vs Passwords

As we all know, a password is a "form of secret authentication data that is used to control access to a resource". Because of its name, many assume that a password should be based off a "word". In fact, passwords should not be based on words because of the risks of them being discovered by dictionary attack techniques. Passphrases provide a good way to compose strong, lengthy passwords that are easier to remember, easier to type, and naturally complex. Existing brute force and dictionary attack techniques do not take passphrases into consideration, so passphrases are currently harder to crack than traditional passwords.

Forming Passphrases - Characteristics of a strong passphrase include the following: 

  • Difficult to guess given information about you or a dictionary cracking tool. 
  • Easy to type so that someone cannot watch it being typed Long - the longer the better.
  • For the highest security on a Windows system, a password over 14 characters long is recommended. 

Example Passphrases

Any sequence of characters with or without spaces. To help with the process, we present a few ideas that may help you create a strong passphrase that is easy to remember. Be creative! A strong passphrase does not have to be impossible to remember. Good passphrase security is within your reach. NOTE: Obviously, you shouldn't use any of the passwords used as examples in this document. Treat these examples as guidelines only!

Concept for a passphrase

  • Ilovetogolf
  • Why do we need passwords
  • Wisconsin gets cold 
  • Sacramentokings
  • I like Dr. Pepper 
  • Thirty words a minute

Characteristics/Examples of Weak/Bad Passphrases

  • Your name in any form - first, middle, last, maiden, spelled backwards, nickname or initials 
  • Your user ID or your user ID spelled backwards 
  • Part of your user ID or name 
  • Any common name, such as Joe 
  • The name of a close relative, friend or pet 
  • Your phone number, office number or address 
  • Your birthday or anniversary date 
  • Simple variants of names or words (even foreign words), simple patterns, famous equations or well-known values 
  • Your license plate number, your social security number or any all-numeral password 
  • Names from popular culture (e.g.: Beatles, Spiderman, etc.) 
  • Any password that is offered forth as an example 
  • Permutations of the username 
  • Family or pet birth dates 
  • Family or pet names or acronyms built from them 
  • Hobbies or activities 
  • Work or school-related information or work/school acquaintances 
  • Names of places visited or worked 
  • Important numbers such as social security, phone or account numbers 
  • Common words from dictionaries including foreign language 
  • Common dictionary word permutations 
  • Names or types of favorite objects 
  • All digits or all the same letter or letter sequences found on keyboards 

Guidelines for protecting your password

  • Safeguard your password: All passwords are to be treated as confidential information. 
  • Take responsibility: You are responsible for the security of your password, and accountable for any misuse if they are guessed, disclosed or compromised. 
  • City staff will never ask for your password: It is against City Security policy for a technology service provider to request a user's password. If someone demands a password, refer the person to this document or have the person call the Help Desk. 
  • Avoid using the "Remember Password" feature: These features, typically used to access secure applications (i.e. email, calendar, financial systems) and Web browsers (i.e. Mozilla Firefox and Internet Explorer), do not adequately protect password. It may be possible for a computer virus or unauthorized user to gain access to this stored information. 
  • Clear the cache of your Internet browser before quitting your browser: Quitting a web browser does not mean that cookies and related files are removed from your machine, so remember to clear the cache before quitting the web browser when you are finished using it unless no one else has access to the computer you are using. For assistance with setting this up, please refer to the City’s ISO web page.
  • Quit your Internet browser when you are finished using it: When you use your password with a web browser like Firefox or Internet Explorer, it saves the password in memory as long as it is running, so remember to quit the browser when you are finished using it unless no one else has access to the computer you are using. 
  • Report compromises immediately: If you suspect your account or password has been compromised, report the incident to or call the City Service Desk X7111 to change the password immediately. 

Lost or Forgotten Passwords

To help make password/passphrase management easier, the City has a self-service portal to help staff recover or reset their password. All staff are encouraged to use this website and setup their self-password recovery option. To access the self-service password portal, please see