How to Pick a "Good" Password
Picking a good password is something that we take seriously here at CCIS, because if your account gets compromised, someone we don't know suddenly has access to everything on our systems. That means that it isn't just your data that is at risk but everyone's.
A good password is:
• Private: it is used and known by one person only.
• Secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal.
• Easily remembered: so there is no need to write it down, yet not guessable by any password cracking program in a reasonable time, for instance less than one week.
Passwords should be a mixture of the following:
• Upper and lower case letters
• Numbers
• Non-alphanumeric characters (e.g. !@#$%^&*(){}[]|\:;_+'"<>,.?/)
Examples of passwords that can easily be broken are:
• Passwords that are made up of a word or name in any language. Remember, if it's in a dictionary or a book somewhere, then someone trying to guess your password can find it.
• Words with similar-looking letters or numbers substituted for one another (e.g., zeros for o's).
• Words with a number added to the beginning or end.
• Your login name in any form (as-is, reversed, capitalized, doubled, etc.).
• Your partner's or child's name.
• Any other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the brand of your automobile, the name of the street you live on, etc.
• A password of all digits, or all the same letter. This significantly decreases the search time for password cracking software.
• Any password shorter than six characters.
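The patterns listed above, together with the character mixture rule, can be checked mechanically before a password is accepted. The following Python checker is an added example, not code from CCIS. The function name, the small constructed word list and the substitution table are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real deployment would load a
# large dictionary file plus lists of common names.
SAMPLE_WORDS = {"password", "romeo", "dragon", "monkey", "boston"}

# Common look-alike substitutions, undone before the dictionary lookup.
LEET = str.maketrans("0134578@$!", "oleastbasi")

def weaknesses(password, login, personal=(), words=SAMPLE_WORDS):
    """Return the list of rules from the page that `password` violates."""
    found = []
    lower = password.lower()
    if len(password) < 6:
        found.append("shorter than six characters")
    if password.isdigit():
        found.append("all digits")
    if len(set(password)) == 1:
        found.append("all the same character")
    # Login name as-is, reversed, capitalized (case is folded above), doubled.
    name = login.lower()
    if name and lower in {name, name[::-1], name * 2, (name * 2)[::-1]}:
        found.append("login name in some form")
    # Strip digits added to the beginning or end, then undo substitutions.
    core = re.sub(r"^\d+|\d+$", "", lower)
    if core != lower and core in words:
        found.append("dictionary word with a number added")
    elif lower in words:
        found.append("dictionary word or name")
    elif lower.translate(LEET) in words or core.translate(LEET) in words:
        found.append("dictionary word with look-alike substitutions")
    # Partner's name, phone number, license plate, street name, and so on.
    if any(p and p.lower() in lower for p in personal):
        found.append("contains personal information")
    # The page asks for a mixture of all four character classes.
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        found.append("missing a character class")
    return found
```

An empty list means none of these rules fired; it does not by itself prove the password is strong.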
Since this is really about how to pick a good password, here's an example:
• Start with a phrase you can easily remember. If you are a fan of Shakespeare you might pick "Romeo, Romeo, wherefore art thou Romeo".
• Take the first letter of each word (R R w a t R). Already you have upper and lower case letters.
• Now replace some of the letters with something else like punctuation, say @ for a. From this you get (R R w @ t R).
• You can go even further: since you know that the "w" is for "wherefore", you can add the number 4 after it and get (R R w 4 @ t R).
• Maybe you remember that there was an extra bit of emphasis on the first "Romeo" in your favorite production, so you decide to add some extra punctuation to your password. Now you have (R ! R w 4 @ t R).
• You end up with a password that looks like this: R!Rw4@tR. It certainly isn't a word in any dictionary, and it's pretty hard to guess. Now all you have to remember is "Romeo, Romeo, wherefore art thou Romeo" to remember your password.
Please note: quotes from Shakespeare might be a bad place to start from as they are so popular. But you get the idea.