How to pick a good password

It is important to pick a secure password. An intruder can use your account for all kinds of mischief, including but not limited to:

  • Reading your email
  • Deleting your files
  • Using our network connection to attack other sites
This can have legal ramifications for us and be a headache for you.

A good password is:

  • Private: known only to you
  • Secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal
  • Easily remembered: so there is no need to write it down

Passwords should be a mixture of the following:

  • Upper and lower case letters
  • Numbers
  • Non-alphanumeric characters (e.g. !@#$%^&*(){}[]|\:;_+'"<>,.?/)

Examples of bad passwords that can easily be broken are:

  • The word password
  • Passwords that are made up of a word or name in any language, remember if it's in a dictionary or a book somewhere then someone trying to guess your password can find it.
  • Altering a dictionary word simply by transferring letters or numbers for similar ones (e.g., zeros for o's)
  • Words with a number added to the beginning or end
  • Your login name in any form (as-is, reversed, capitalized, doubled, etc.)
  • A person's name
  • Any other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the brand of your automobile, the name of the street you live on, etc.
  • A password of all digits, or all the same letter.
  • Don't use a password shorter than six characters.

Good Passwords

  • Have both uppercase and lowercase letters

      • Example: PCredR2

  • Have digits and/or punctuation or other non-alphanumeric characters as well as letters

      • Example: PCred2!, aGaaD4yo?

Techniques for Creating Good Passwords

Take your favorite phrase:
May the force be with us

    Take the first letters:
    Mtfbwu

    Randomly capitalize:
    mTfBwu

    Add a non-alphanumeric character:
    mTfBwu!#

Another technique to alter the initial phrase is to replace letters with symbols: e = 3, s = $, h = # and so on...

You can also use the program "pwgen" on a Linux machine to generate a list of relatively good passwords that are also easy to memorize. Consult the pwgen man page for more details.