Tips on Choosing a Password

The computer system enforces some rules designed to assure high-quality passwords. These rules may make it a bit hard to choose your first password.

The current rules for passwords are:

• Must be at least 8 characters long
• Must contain at least 1 character from each of at least 3 different character classes. The character classes are:
  • lowercase letters
  • uppercase letters
  • numbers
  • punctuation
• Must not appear to be systematic (``abcdef'' will be rejected).
• Must not be based on anything that the system knows about you. (name, login, userid, etc.)
• Must not be based on a dictionary word or a reversed dictionary word. A complete word as a substring will cause a password to be rejected.

These rules are based on crack, a widely available (and widely used) password guessing program. In addition to the above rules, consider the following:

• Mix UPPER and lower case letters
• Include punctuation marks. Using an exclamation point (!) or a period(.) at the end of your password is less secure, simply because everyone does at the end of phrases.
• One common scheme is to use letters from a phrase. For example, the phrase choose a good password might become the password CagP (mixing upper and lower case). Of course, this password is not good, because it is too short, has only letters, is easy to guess, and is written in this document. If you do use this scheme, don't use a phrase that is easy to guess (such as your favorite saying or the first line of your favorite song).
• Another common scheme is to start with two or more unrelated words, and abbreviate or mangle them in some manner, so that no part will be in the dictionary. Make sure the two words aren't easily guessable.
• Use symbols to represent some of the words in a chosen phrase.

Bad ideas for your password include the following list, and anything based on ideas from the following list:

• Your phone number or any phone number associated with you, such as your significant other's.
• Birthdays of you or anyone associated with you.
• Addresses of you or anyone associated with you.
• Nicknames of you or anyone associated with you.
• Hometowns of you or anyone associated with you.
• Names of loved ones, pets, etc.
• Any number associated with you (social security, bank account, driver's license, license plate, etc.).
• Any famous personality (rock stars, sports players, teams, or mascots) that you can call you `favorite' or that people know you like.