Use of strong passwords may be the single most important aspect of computer and network security.
Different systems (operating systems, web sites, programs)
have different password requirements as well as acceptable characters
for use in passwords, but there are some general rules for making
passwords more secure. You can also download Password Generation
Freeware for Windows (.zip or .exe) or use our online password generator.
For more complex passwords, try the advanced random password generator.
These random password generators are also available at randpw.com
for future reference.
Creating Strong Passwords
When creating a password, it is a good idea to follow these
guidelines:
Do Not Do the Following:
Do Not Use Only Words or Numbers.
You should never use solely numbers or words in a password.
Some examples include the following:
Do Not Use Recognizable Words.
Words such as proper names, dictionary words, or even terms
from television shows or novels should be avoided, even if they
are bookended with numbers.
Do Not Use Words in Foreign Languages.
Password cracking programs often check against word lists
that encompass dictionaries of many languages. Relying on foreign
languages for secure passwords is of little use. Some examples
include the following:
- cheguevara
- bienvenido1
- 1dumbKopf
Do Not Use Hacker Terminology.
If you think you are elite because you use hacker terminology,
also called l337 (LEET) speak, in your password, think again.
Many word lists include LEET speak. Some examples include the
following:
Do Not Use Personal Information.
Steer clear of personal information. If the attacker knows
who you are, they will have an easier time figuring out your
password if it includes information such as:
- Your name
- The names of pets
- The names of family members
- Any birth dates
- Your phone number or zip code
Do Not Invert Recognizable Words.
Good password checkers always reverse common words, so inverting
a bad password does not make it any more secure. Some examples
include the following:
Do Not Write Down Your Password.
Never store your password on paper. It is much safer to memorize
it.
Do Not Use the Same Password For All Machines Or Accounts.
It is important that you make separate passwords for each
machine or account. This way if one system is compromised, all
of your machines or accounts will not be immediately at risk.
Do The Following:
Make the Password At Least Eight Characters Long.
The longer the password is, the better. If you are using MD5
passwords, it should be 15 characters long or longer. With DES
passwords, use the maximum length (eight characters).
Mix Upper and Lower Case Letters.
Most systems are case sensitive, so by mixing cases, you will
enhance the strength of the password.
Mix Letters and Numbers.
Adding numbers to passwords, especially when added to the
middle (not just at the beginning or the end), can enhance password
strength.
Include Non-Alphanumeric Characters.
Special characters such as &, $, and > can greatly
improve the strength of a password.
Pick a Password You Can Remember.
The best password in the world does you little good if you
cannot remember it. So use acronyms or other mnemonic devices
to aid in memorizing passwords.
With all these rules, it may seem difficult to create a password
meeting all of the criteria for good passwords while avoiding
the traits of a bad one. Fortunately, there are some simple steps
one can take to generate a memorable, secure password.
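An added example (not part of the original page): a small Python audit that applies the guidelines above, normalizing a candidate the way the page says password checkers do (bookending numbers stripped, LEET speak undone, words inverted) before looking it up in a word list. The word list, the LEET table and the names variants and audit are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real audit loads large multi-language lists.
WORDLIST = {"password", "hacker", "cheguevara", "bienvenido", "dumbkopf"}

# Assumed LEET table (not exhaustive): maps common substitutes back to letters.
LEET = str.maketrans("013457@$", "oleastas")


def variants(password):
    """Return the normalized forms a cracking word list would also cover."""
    lowered = password.lower()
    unbookended = re.sub(r"^\d+|\d+$", "", lowered)  # drop leading/trailing digits
    forms = set()
    for base in (lowered, unbookended):
        for form in (base, base.translate(LEET)):
            forms.update((form, form[::-1]))  # plain and inverted
    return forms


def audit(password, wordlist=WORDLIST):
    """Return the list of guidelines from this page that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("does not mix upper and lower case")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("does not mix letters and numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no non-alphanumeric character")
    if variants(password) & wordlist:
        problems.append("derived from a word-list entry")
    return problems


if __name__ == "__main__":
    # The first three candidates are this page's examples; the rest are constructed.
    for candidate in ("cheguevara", "bienvenido1", "1dumbKopf", "h4ck3r", "P@$$w0rd9"):
        print(f"{candidate!r}: {audit(candidate) or 'passes these checks'}")
```

The last candidate meets every length and character-mix guideline and is still flagged, because substitutions and a trailing digit do not hide the underlying word.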
Secure Password Creation Methodology
There are many methods people use to create secure passwords.
One of the more popular methods involves acronyms. For example,
think of a memorable phrase, such as:
"over the hills and far away, to grandmothers house
we go."
Next, turn it into an acronym (including the punctuation).
othafa,tgmhwg.
Add complexity by substituting numbers and symbols for letters
in the acronym. For example, substitute 7 for t and the at symbol
(@) for a:
o7h@f@,7gmhwg.
Add more complexity by capitalizing at least one letter, such
as H.
o7H@f@,7gmHwg.
Finally, do not use the example password(s) above on any of your
systems or accounts.