# Password Checklist *For information about **User Accounts**, including SJSU and CSUMB accounts, see the **[User Accounts](https://mlml.sjsu.edu/itech/user-accounts/) page** on the IT Website.* *Keep in mind that your Gmail password is not necessarily the same as your MLML password.* ##### **Password Checklist** A strong and unique password will keep your account safe. Here is a checklist for creating secure passwords for all of your accounts: - Your password should be easy for you to remember without being obvious for someone else to guess. - The **longer and more complex** the password, the stronger it is. - Include a variety of characters, such as punctuation marks, numbers, and mix capital and lowercase letters. - Don't choose a dictionary word as your password. - Have a **recovery email** or **phone number** set up with your account to be able to recover it in case you lose access. - Here are the [Google Account Recovery instructions](https://support.google.com/accounts/answer/7682439). - If you ever have a situation where your account is compromised, check to see that the recovery email or phone number hasn't been changed. - **Never use the same password** on multiple accounts. A **[password manager](https://kb.mlml.sjsu.edu/books/security-anti-malware/page/secure-password-storage-management)** can help you keep track of your passwords (and generate very strong passwords). - **Use multi-factor authentication**. This adds an extra layer of security by having you approve a login with your smartphone or entering a code sent to your smartphone or from a physical token. - [Gmail 2-Step Verification instructions](https://support.google.com/accounts/answer/185839). - All SJSU employees must use Duo 2-Factor Authentication to access SJSUOne services. For instructions, see our [Guide to set up Duo 2-Factor Authentication](https://kb.mlml.sjsu.edu/books/security-anti-malware/page/set-up-duo-2-factor-authentication). - **Never tell anyone your password**. - **Never write down your password**. Use a **[password manager](https://kb.mlml.sjsu.edu/books/security-anti-malware/page/secure-password-storage-management)** instead! - Periodically **change your password**. - Make sure you have strong passwords on all of your accounts.