Choosing a Password
No security measure is more effective than a good password. Choosing a good
password boils down to this: don't choose a password that can be guessed
using the techniques described in the security manual. Some guidelines for
choosing a good password are:
- Don't use your login name.
- Don't use the name of anyone or anything.
- Don't use any English or foreign-language word or abbreviation.
- Don't use any personal information associated with the owner of the
account. For example, don't use initials, phone number, social security
number, job title, organizational unit, etc.
- Don't use keyboard sequences, e.g., qwerty.
- Don't use any of the above things spelled backwards, or in caps, or
otherwise disguised.
- Don't use an all-numeric password.
- Don't use a sample password, no matter how good, that you've gotten
from a book that discusses computer security.
- Do use a mixture of numbers and mixed-case letters.
- Do use at least six characters.
- Do use a seemingly random selection of letters and numbers.
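
The checkable guidelines above, written as a validation routine that a password-change tool could run before accepting a new password. This is an added example, not part of the original text; the function names, the parameters and the small word list (a constructed stand-in for a real dictionary) are assumptions.

```python
import re

MIN_LENGTH = 6  # the page's minimum: "at least six characters"
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Constructed stand-in for a real dictionary and name list (assumption).
SAMPLE_WORDS = {"password", "secret", "dragon", "wizard", "summer"}


def _squash(text, keep):
    """Lowercase text and drop every character outside the `keep` class."""
    return re.sub(f"[^{keep}]", "", text.lower())


def _disguises(password):
    """The password as-is, with symbols or digits stripped, and each reversed."""
    base = {password.lower(), _squash(password, "a-z0-9"), _squash(password, "a-z")}
    return {f for b in base for f in (b, b[::-1]) if f}


def check_password(password, login, personal=(), words=SAMPLE_WORDS):
    """Return the guidelines the password breaks; an empty list means it passes.

    "Seemingly random" is not mechanically checkable and is left to the user.
    """
    forms = _disguises(password)
    problems = []
    if _squash(login, "a-z0-9") in forms:
        problems.append("login name")
    if forms & {_squash(p, "a-z0-9") for p in personal}:
        problems.append("personal information")
    if forms & {w.lower() for w in words}:
        problems.append("dictionary word or name")
    if any(len(f) >= 4 and (f in row or f in row[::-1])
           for f in forms for row in KEYBOARD_ROWS):
        problems.append("keyboard sequence")
    if password.isdigit():
        problems.append("all numeric")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than six characters")
    if not all(re.search(cls, password) for cls in ("[0-9]", "[a-z]", "[A-Z]")):
        problems.append("needs digits and mixed-case letters")
    return problems
```

Reversal, case changes and appended digits are all caught by comparing the stripped and reversed forms, which is the "otherwise disguised" rule in practice.
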
Common suggestions for constructing seemingly random passwords are:
- Use the first letter of each word from a line in a book, a song, or a poem.
For example: "Where are the strong? Who are the trusted?" [1]
would produce Wats?Watt?
- Use the output from a random password generator. Select a random string
that can be pronounced and is easy to remember. For example, the random
string "adazac" can be pronounced a-da-zac, and you can remember it by
thinking of it as "A-to-Z." Add uppercase letters to create your own
emphasis, e.g., aDAzac. [2]
- Use two short words connected by punctuation, e.g., wRen%Rug.
- Use numbers and letters to create an imaginary vanity license plate
password, e.g., 2hot4U?.
1. Elvis Costello, "(What's So Funny 'Bout) Peace, Love and Understanding."
2. A VMS system password generator was used to create this password.