faq081: How do I select a good password?
Choosing a secure password is vital for keeping your email, computer accounts, and personal information private -- and for keeping Mines computer networks secure. Choosing a poor password can cause your account to be hacked or accessed by someone else. Lack of account security may get your computing accounts deactivated or your network ports blocked by CCIT staff. Please choose your password wisely and change it as needed.
Here are some guidelines for picking good passwords:
In general, the longer the password, the better the security; shorter passwords are far easier to crack. CCIT-managed systems, including those in CTLM and the Library, typically require a password of 10 or more characters (again, longer is better).
A password should never be ...
- Any single word, spelled forward or backward, even one in a different language.
- A proper name or nickname.
- Any place name or other common term, in English or any other language.
- Any example passwords that appear in this FAQ.
Such passwords may be cracked by hackers using sophisticated tools.
Furthermore, passwords should never be ...
- Your Social Security number or any portion of it.
- Your ATM or Debit Card PIN.
- A birthdate.
- Written on a Post-It note stuck to your monitor or keyboard.
An easy way to create a good password is to take two or more unrelated, short words and combine them with capitalization, punctuation, and numbers, as in ScreAm!elves or robust*Bread47. You should avoid well-known phrases that seem to mirror this rule, like catch22, pelham123, or 24hours. These passwords can also be cracked quickly.
There's also the "four random common words" method popularized by a web comic strip: https://www.xkcd.com/936/
And easily remembered strong passwords (containing upper case letters, lower case letters, numbers, and special characters) can be built from meaningful phrases. For instance, mwbN18&oaA25 is a strong, 12-character password that could be made from the sentence "my wife's birthday is November 18th and our anniversary is August 25th." While birthdays and anniversaries can be learned, the order and case of the characters would be difficult for an outsider to figure out.
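The guidelines above can be turned into a screening check that runs before a password is accepted. This is an added example, not CCIT's own code: the function name `check_password`, the violation labels, and the `SAMPLE_WORDS` list (a constructed stand-in for a real dictionary, name and place-name list) are assumptions.

```python
import re

MIN_LENGTH = 10  # minimum the FAQ gives for CCIT-managed systems

# Passwords printed in the FAQ itself, which it says never to use.
FAQ_EXAMPLES = {"ScreAm!elves", "robust*Bread47", "catch22",
                "pelham123", "24hours", "mwbN18&oaA25"}

# Constructed stand-in for a real dictionary, name and place-name list.
SAMPLE_WORDS = {"password", "mountain", "colorado", "elizabeth",
                "wonderland", "strawberry"}

def check_password(candidate, words=SAMPLE_WORDS):
    """Return the guideline violations found; an empty list means none."""
    problems = []
    lowered = candidate.lower()

    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if candidate in FAQ_EXAMPLES:
        problems.append("faq example")
    # A single word, name or place, spelled forward or backward.
    if lowered in words or lowered[::-1] in words:
        problems.append("single word")
    # Only digits and separators: the shape of a PIN, SSN or birthdate.
    if re.fullmatch(r"[\d\-/. ]+", candidate):
        problems.append("numeric only")
    # One listed word with digits attached, like the FAQ's catch22.
    m = re.fullmatch(r"\d*([a-z]+)\d*", lowered)
    if m and m.group(1) != lowered and m.group(1) in words:
        problems.append("word plus digits")
    return problems

if __name__ == "__main__":
    for pw in ["mwbN18&oaA25", "dnalrednow", "colorado2024",
               "11/18/1990", "Plum?tractor81Veil"]:  # constructed inputs
        print(f"{pw!r}: {check_password(pw) or 'no violations found'}")
```

An empty result means only that none of these listed rules was triggered; it cannot tell whether the digits in a password are the user's own PIN or birthdate.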
Computer users have gotten wiser recently. We often used to say that we had "nothing worth stealing," so surely no one would bother hacking our passwords. Now we know that vulnerable email and computer accounts with insecure passwords can be used to:
- Steal identities.
- Launch cyber attacks on other computers around the world.
- Illegally store and distribute copyrighted materials.
- Store and distribute pornography, including child pornography.
- Send insulting, libelous or hate mail that appears to have come from our computer or our email account.
These activities are federal offenses that can result, and have resulted, in visits from the FBI. Password security is vitally important and CCIT urges you to take it seriously.