Creating a good password
Choosing a good password can be hard, but it is vital to protecting yourself online.

I. Passwords should never be:

  • Any word in any dictionary, in any language
  • Any formal name or nickname, including spouse's, children's, and pet's
  • Any mythological or fictional character or race
  • Any name of a place (city, country, cross roads, forest, or place of natural beauty), real or fictional
  • Fictional terms
  • Titles of movies, books, compositions
  • The name of any author, composer, musician, actor
  • Any special number
  • Acronyms
  • Phrases
  • Fables or legendary characters or places
  • Combinations of letters or patterns on the keyboard
  • Religious figures, places, or events
  • Anything you can imagine being collected into a list
    (If a password fits in a list, you can presume someone has made up that list.)

II. Passwords should never be a simple algorithm applied against something in category I, such as:

  • The "word" backwards
  • Substituting numbers for vowels (r1ch2rd for richard)
  • Common substitutions for letters (3 for e: mov3)
  • Appending or prefixing digits (apple639 or 123apple)
  • Appending or prefixing special characters (apple@ or $klingon)

III. Passwords should not contain information that can be automatically gathered by knowing your user name:

  • Your user name
  • Your user index/number (for Unix the UID and GID)
  • User name owner information (for Unix the gecos field) which commonly contains your name
  • Information derivable from this information: your initials
    (This category is similar to category I. However, whereas category I is static, category III depends on your account information and is dynamic.)

IV. Passwords should not contain personal information about you that can be gathered if you are targeted:

  • Your social security number
  • Your student ID number
  • Your phone number, your mother's phone number, your mother's maiden name
  • Your passport number
  • Your street address, the address where you were born
  • Your license plate number
  • Serial number from your camera, computer, stereo

In summary, a good password needs to be something that cannot be derived in a semi-automatic manner. Categories I-III represent known information or easily derived information that can be exhaustively applied by a computer to break your password. Category IV represents information that would be applied to specifically break your account, as opposed to any account on a machine. While this may seem like a very remote possibility, if you are ever personally targeted, it is potentially much more damaging to you.
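
Because the checks in categories I-III are mechanical, a password-change routine can run them itself before accepting a new password. The following is an added example, not part of the original page: the four-word sample list, the account record used in testing and all function names are assumptions made for illustration.

```python
import re

# Constructed stand-in for category I; a real check would load large wordlists.
SAMPLE_WORDS = {"apple", "richard", "move", "klingon"}
# Category II look-alike substitutions (symbol -> letters it can stand for).
LOOKALIKES = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
              "@": "a", "$": "s"}

def _reads_as(text, word):
    """True if text equals word once digits are read as vowels or look-alikes."""
    if len(text) != len(word):
        return False
    return all(c == w or (c.isdigit() and w in "aeiou") or w in LOOKALIKES.get(c, "")
               for c, w in zip(text, word))

def account_tokens(username, uid, gid, gecos):
    """Category III: strings derivable from the account record (hypothetical helper)."""
    # The gecos field is comma-separated with the full name first.
    names = re.findall(r"[a-z]+", gecos.split(",")[0].lower())
    initials = "".join(n[0] for n in names)
    return {t for t in [username.lower(), str(uid), str(gid), initials, *names] if t}

def check_password(password, words=SAMPLE_WORDS, account=frozenset()):
    """Return the reasons the password is derivable; empty means none were found."""
    pw = password.lower()
    # Drop prefixed or appended digits and special characters.
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw)
    # Test the password as typed, without affixes, and each of those backwards.
    variants = {v for v in (pw, core, pw[::-1], core[::-1]) if v}
    reasons = []
    if any(_reads_as(v, w) for v in variants for w in words):
        reasons.append("category I/II: list word or simple transform of one")
    if any(_reads_as(v, t) for v in variants for t in account) or \
       any(len(t) >= 3 and t in pw for t in account):
        reasons.append("category III: derived from account information")
    return reasons
```

An empty result only means none of these checks fired; with a four-word sample list it says nothing about the rest of category I, and category IV information is not covered at all.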