Security

A little about Passwords

Recommended Password Policy

  • Configure your system to require a username and password when logging in
  • Do not log in with an administrator account for daily use
  • Passwords should be a minimum of 8 characters
  • Passwords should contain a combination of upper and lower case letters, numbers, and special characters
  • Passwords should not contain your user ID, a friend's or relative's name, social security numbers, birthdates, telephone numbers, common words from a dictionary of any language, places, or simple patterns of letters and numbers
  • Do not use the same password for several different systems
  • Use passphrases that are easy to remember

Choosing the right password

Choosing the right password can be a daunting task.  Hackers have tools that crack dictionary passwords within minutes or, depending on the password, even seconds.  To make matters worse, many users use the same password across systems.  For example, if you use the same password to log in to your bank and your email, and your email password is compromised, so is your bank's.

A series of random letters, numbers and special characters may be a bit difficult to remember.  Instead, we recommend the use of passphrases.  A familiar phrase combined with numbers, letters and special characters will usually satisfy all of the recommendations above.  Let's look at a few examples:

Example 1 (Good Passwords):

"Password security is hard at times" -> Pa$$s3c1h@T!
"Finally! a good password" -> F!@GpA55w0rDs

Example 2 (Bad Passwords):

noner77 -> too short and based on the username
12345 -> numbers in a sequence
password1 -> usually the first password hackers try
MyDogBen -> English dictionary words
WatashiWatashiBoku -> Japanese dictionary words

All of the above bad passwords are real passwords that users have used.  Do not become a victim.
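
The recommended policy above can be expressed as an automated check. The following is an added example, not part of the original page: a short Python checker that applies the length, character-class, user ID, dictionary and simple-pattern rules to the passwords listed above. The word list is a tiny constructed sample, the function names are hypothetical, and the user ID `noner` for the first bad password is an assumption.

```python
import re

# Constructed mini word list for illustration only; a real check would load
# full multi-language dictionaries.
COMMON_WORDS = {"password", "dog", "ben", "watashi", "boku", "qwerty", "letmein"}

def sequential_run(s, n=4):
    """True if s has n characters in a row that ascend, descend or repeat."""
    for i in range(len(s) - n + 1):
        steps = {ord(s[j + 1]) - ord(s[j]) for j in range(i, i + n - 1)}
        if steps in ({1}, {-1}, {0}):
            return True
    return False

def check_password(password, user_id="", words=COMMON_WORDS):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "upper case letter": r"[A-Z]",
        "lower case letter": r"[a-z]",
        "digit": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    if user_id and user_id.lower() in lowered:
        problems.append("contains the user ID")
    hits = sorted(w for w in words if w in lowered)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    if sequential_run(lowered):
        problems.append("contains a simple sequence or repeated run")
    return problems

if __name__ == "__main__":
    # Passwords taken from the examples on this page.
    samples = [("Pa$$s3c1h@T!", ""), ("F!@GpA55w0rDs", ""), ("noner77", "noner"),
               ("12345", ""), ("password1", ""), ("MyDogBen", ""),
               ("WatashiWatashiBoku", "")]
    for pw, uid in samples:
        result = check_password(pw, uid)
        print(f"{pw:20} {'OK' if not result else '; '.join(result)}")
```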

Storing Passwords

Many users write passwords down on Post-it notes and stick them to their monitors or underneath their keyboards.  If you must store passwords, use an application like 1Password or Password Safe.