How can I choose a good password?

A poorly chosen password, or a password improperly secured, can circumvent thousands of dollars’ worth of security measures.

Guidelines for choosing a password

By following the five guidelines below, you can choose a password that will be difficult for an unauthorized user to guess:

* Passwords should contain at least six characters.  Passwords with fewer characters will be guessed much more quickly by automated “cracking” programs that try every combination of characters until they discover your password.  Likewise, passwords that consist of only one character repeated six or more times are also easier for crackers to determine.

* Passwords should contain three of the four character types: upper case letters, lower case letters, numbers and punctuation.

* Passwords should be easy to remember, so that they never have to be written down. Two techniques for creating easily remembered passwords are described below.

* Passwords should not be words that can be found in the dictionary.

* Passwords should not be based on personal information about you – such as your user id, your name, birthday or social security number, the names of your family members or pets.  Often information like this can be easily found around your workspace – pictures, cards, etc. can give an observant cracker an easy place to start guessing.

Techniques for choosing a good password

One technique for choosing a good password is to think of a sentence or a song lyric and base your password on the first letter of each word in that phrase.  Be sure to mix the case of the letters and insert a non-alphabetic character into your password.

For example, a user might choose the phrase, “Jack and Jill went up the hill.”  The password, based solely on the first letters of the words, would be JAJWUTH.  Then, we mix the case of the letters: JAjWUtH.  Finally, we insert some non-alphabetic characters.  J&jWU7H appears to be a random sequence of characters that would be hard to remember.  However, YOU know what it’s based on, and therefore it’s not difficult for you to recall.

Another technique for choosing a good password is to insert a non-alphabetic character between two or more words.  For example, rEd^bAllOOn or FRieD$CHiCKeN.  The more non-alphabetic characters you insert, the better, but be aware that some systems will only let you begin a password with a letter.
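The guidelines above can be checked mechanically, except for “easy to remember,” which only the user can judge.  The following is an added example, not part of the original page: the function names, the small word list and the personal-information values are constructed for illustration, and a real check would load a full dictionary file.

```python
import string

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "balloon", "chicken", "dragon", "monkey"}


def character_classes(password):
    """Count how many of the four character types appear in the password."""
    checks = (str.isupper, str.islower, str.isdigit,
              lambda c: c in string.punctuation)
    return sum(any(check(c) for c in password) for check in checks)


def check_password(password, personal_info=(), words=SAMPLE_WORDS):
    """Return the guidelines the password breaks (an empty list means none)."""
    problems = []
    lowered = password.lower()
    if len(password) < 6:
        problems.append("shorter than six characters")
    if len(set(password)) == 1:
        problems.append("one character repeated")
    if character_classes(password) < 3:
        problems.append("fewer than three character types")
    if lowered in words:
        problems.append("dictionary word")
    # Personal details (user id, name, birthday, pet name) must not appear
    # anywhere inside the password; very short items are skipped as noise.
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    # Passwords taken from the examples in this section, plus weak ones.
    for candidate in ("JAJWUTH", "JAjWUtH", "J&jWU7H", "rEd^bAllOOn",
                      "FRieD$CHiCKeN", "aaaaaa", "Balloon"):
        print(candidate, check_password(candidate) or "passes")
    # Constructed case: the user's pet is named Rex.
    print("Rex#2014!", check_password("Rex#2014!", personal_info=("rex",)))
```

Note that JAJWUTH and JAjWUtH both fail the character-type guideline; only the final form, J&jWU7H, passes all of the checks.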

Securing your password

Don’t share your password with anyone else, even if you know them or if they seem official.  Even if you keep your password secure yourself, you can’t be sure another person will.  Check out anyone you don’t know who asks for your password.

Don’t write down your password.  Crackers know that many people keep a list of passwords hidden in their workspace.