Home > Tutorials > Advice on choosing passwords

Advice on choosing passwords

Take password security seriously. Remember that your password is the only method that you have to stop people from gaining access to your files. If somebody cracks your password it is possible for them to send email messages under your name. This may seem trivial but a defamatory message apparently sent by you to the Vice Chancellor or all staff may be very hard to explain and could be seriously damaging to you.

It is also possible for a cracker to publish to the web under your name this may also be very damaging depending on the nature of the images / text published. It is also possible for a cracker to delete your assignment and to use your printing credit.

The first rule is not to share passwords.
If you break this rule then change your password ASAP after the need for your friend to have access to you account ends. If your password is insecure then you are taking a serious risk.

When choosing a password, the goal is to make it as difficult as possible for someone to guess your password. If you do this, you have left a person who tries to break into systems, a "cracker," with no other alternative but to search through every possible combination of letters, numbers, and punctuation. A search of this sort, even conducted on a machine that could try one million passwords per second (most machines can try less than one hundred per second), would require, on the average, over one hundred years to complete. There are some simple guidelines, which if followed, would force a cracker to conduct such a search. Please take care not to use any of the examples used in this file as your password; "crackers" can read these files and may target specific examples.

Guidelines on what to choose

Choose a password with mixed-case alphabetic's. This only applies to your Ws-FTP (UNIX) password. Put the mixed-case within the password; a single change of case at either or both ends may not be sufficient
Choose a password with non alphabetic characters, for example, digits or punctuation. Again, put the non alphabetic characters within the password.
Choose a password that is easy to remember so you don't have to write it down.
Choose a password that you can type quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by watching over
your shoulder.
Choose a line or two from a song or poem, and use the first letter of the first five words and add a number or special character at the end. For example, ``In Xanadu did Kublai Kahn a stately pleasure dome decree'' becomes ``IXdKK1.''
Choose a password that alternates between one consonant and one or two vowels. This provides nonsense words that are usually pronounceable, and thus easily
remembered. Examples include ``routboo,'' ``quadpop,'' and so on.
Choose two short words and concatenate them together with a punctuation character between them. For example: ``dog;rain,'' ``book+mug,'' ``kid?goat.

Guidelines on what to avoid

Avoid using your name, your user ID, or the name of a spouse, child, friend, pet.
Avoid using information easily obtained about you, such as license plate numbers, telephone numbers, social security numbers, the brand of your automobile, the
name of the street you live on, etc.
Avoid using a password of all digits, or all the same letter.
Avoid using a word contained in any dictionary, spelling list, or other word list in any language.
Avoid using a simple transformation of a word such as reversing the spelling, changing upper-case to lower-case or vice versa, or using all capitalisation.
Avoid using a password shorter than six characters to increase the number of possible password combinations a cracker would have to guess.

Created: December 19, 2001
Last modified: December 9, 2003

URL: http://www.rupert.id.au/tutorials/passwords.html

APA citation:
Russell, R. (2003, December 9). Advice on choosing passwords. Retrieved December 9, 2003, from
http://www.rupert.id.au/tutorials/passwords.html