Choosing a Secure Password

Network Operations Center
9/2006

You are responsible for any activity that originates with your accounts. Therefore it's essential that you choose good passwords and keep them secret.

Six essential elements of password security:

  1. Don't tell anyone your password.
  2. Don't write your password down anywhere.
    (Except temporary passwords that you change immediately)
  3. Make your password easy for you to remember but hard for someone else to guess.
  4. If you think there's even a chance someone else might know your password, change it.
  5. Change your password periodically, even if you think nobody knows it.
  6. Make sure no one is watching when you enter your password.

A secure password is:

  • at least 8 characters long; longer is better
  • composed of three of these character classes:
    • lower-case letters: abcd...
    • upper-case letters: ABCD...
    • numeric: 1234...
    • non-alphanumeric: !@#$<,"...

How to Choose a Secure Password:

There are plenty of ways to come up with passwords that meet the criteria above.

Method 1: Use the first character of each word in a phrase, song or poem to create a "mnemonic". For instance:

  • Start with "If you can't beat a computer at chess, try kickboxing".
  • Take the first letter of each word: "iycbacactkb".
  • Vary it with special characters, punctuation and capitals, and you've got "Iycbac@c,tKB".

It looks like 12 characters of gobbledygook, but it's (1) long enough, (2) complex enough, and (3) easy enough to remember, so it's a good password.

Method 2: Alternate between one consonant and one or two vowels. This provides nonsense words that are usually pronounceable, and thus easily remembered. Examples: routboofip or quadpopgoor. Then exchange some letters for numbers, and capitalize some of the letters: routb00fIP or QU@dp0pgooR

Method 3: Choose three short words and paste them together with punctuation and numbers between them. For example: Dog;rain2sit or book+Mug=sleep or kid5.goaT!fish

Search the Internet for "choosing a password" for other methods, and more ideas and information. Some helpful pages are at:

Cambridge University ran an empirical study of passwords, with some interesting results. The short summary: use mnemonic passwords of at least 10 characters. http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/tr500.pdf

Here is a list of the "500 worst passwords of all time." If your password is on this list, PLEASE change it right away!
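
The criteria on this page (minimum length, three of the four character classes, not on a worst-passwords list) can be checked mechanically. The Python checker below is an added example, not part of the original page: the function names and the short denylist are constructed for illustration, and undoing look-alike substitutions before the denylist lookup goes beyond what the page states.

```python
import string

MIN_LENGTH = 8     # "at least 8 characters long"
MIN_CLASSES = 3    # "three of these character classes"

# Constructed stand-in for a real worst-passwords list (assumption).
SAMPLE_DENYLIST = {"password", "letmein", "qwerty", "dragon"}
# Common look-alike substitutions, undone before the denylist lookup.
UNLEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})


def character_classes(password):
    """Return which of the page's four character classes appear."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("numeric")
        elif not ch.isalnum():
            found.add("non-alphanumeric")
        # Non-ASCII letters and digits are counted toward no class.
    return found


def normalize(password):
    """Lower-case, drop trailing digits and symbols, undo look-alike swaps."""
    base = password.lower().rstrip(string.digits + string.punctuation)
    return base.translate(UNLEET)


def check_password(password, denylist=SAMPLE_DENYLIST):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if len(character_classes(password)) < MIN_CLASSES:
        problems.append("fewer than %d character classes" % MIN_CLASSES)
    if normalize(password) in denylist:
        problems.append("variant of a listed worst password")
    return problems


if __name__ == "__main__":
    for candidate in ["iycbacactkb", "Iycbac@c,tKB", "routb00fIP", "P@ssw0rd1"]:
        print(candidate, check_password(candidate) or "ok")
```

The last sample shows why the denylist check matters: it satisfies the length and character-class rules yet is only a decorated form of a listed word.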

Conclusion:

Your passwords play a crucial role in protecting your computing accounts and the personal information that can be accessed through them. Choose secure passwords and keep them secret so that you can be sure that only YOU control what goes into and comes out of your accounts.



© 2007 Dowling College