Passwords: Creation Guidelines


Choosing a strong password is critical to protecting yourself in today's connected world. This article will help you create passwords that are secure but easy to remember.

Passwords Defined

The computer security industry defines a password as a token of identity. Generally this token is used to authenticate users to computer systems, networks and applications using a "known secret" or piece of information unique to the individual. Passwords have become a way for an individual to prove their identity in a limited capacity. While other technologies exist to decrease the rate of error (biometrics, multiple authentication levels, etc.), passwords are the most common method available.

Why Choose a Strong Password?

A computer password is the first level of defense in protecting your computer, computer files and other data.  Many attacks against computers rely on breaking weak passwords based on dictionary words, birthdates and other easily guessable information.
Passwords, generally, may be composed of certain types of characters. The following types of characters are found on a standard US 101/104 keyboard and are usually available for constructing a password.
 
 Type      Character
 Alpha     ABCDEFGHIJKLMNOPQRSTUVWXYZ
           abcdefghijklmnopqrstuvwxyz
 Numeric   0123456789
 Special   ~`!@#$%^&*()_+-={}|[]\:";'<>,.?/
 
The best way to protect your computer is by choosing a "strong" password. But how can a strong password be chosen?  Simple!
  1. Passwords should begin with an upper or lowercase alpha character.
  2. A password should be at least eight (8) characters in length. Longer passwords are encouraged as they are harder to guess or crack!
  3. Passwords should not be based on any dictionary words (any languages, slang terminology or technical terms), birthdates, passages from literature, song lyrics, computer names or your login ID.  A general rule of thumb: if the string of characters is printed anywhere in any media, it can easily be guessed.
  4. A password should contain a mix of upper and lower case alpha characters, numerals and special characters.
  5. Passwords should not be shared between systems.
  6. A password should be changed on a periodic basis - the frequency of which will depend on how sensitive the information the password protects is. A password should absolutely be changed if any disclosure is suspected or if you find you have entered it into a computer which you now suspect may have a virus.
  7. Avoid writing your passwords down, if possible. If you have too many passwords to remember and must write them down, either store them electronically in encrypted format (with a key whose password only you know) or keep the piece of paper in a strongly protected place (your wallet, for example).

These short rules will get you started on choosing a strong password. Always remember that you should be able to type your password fluently, to defeat the "shoulder surfers" who try to gain access by watching your fingers on the keyboard. Note: It's not rude to ask a person to look away from the keyboard while you authenticate into a system!

Security Requires Inspiration

Now that you've read the rules and are ready to change all 19 passwords you use (we're always wishing for a perfect world!), it's time to generate a password. After authenticating to the computer or application, you start to think about a new password... and think... and think. It's not easy; we've been there and know how difficult it is to come up with crafty strings of letters.

A good solution is to generate a phrase or sentence that you can easily remember, then use that phrase as the inspiration for your password. We'll take the following sentence as our inspiration.

     As Mars comes closer, I long to go home!

Using a simple rule of choosing the first character from each word of this phrase (keeping the punctuation and writing "to" as the numeral 2), we can generate a password as such:

     AMcc,Il2gh!

That simple formula has produced an eleven (11) character password that will protect you against most modern-day password-cracking programs for thousands of computing years.
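
The phrase method and rules 1 through 4 above can be checked mechanically. The following is an added example, not part of the original article: the function names, the "to" -> 2 substitution table (inferred from the article's result), the login ID and the four-word sample dictionary are all assumptions made for illustration.

```python
import string

# Character classes from the article's table (US 101/104 keyboard).
SPECIAL = "~`!@#$%^&*()_+-={}|[]\\:\";'<>,.?/"
# Assumption: sound-alike swap inferred from the article's result ("to" -> 2).
SOUND_ALIKES = {"to": "2"}
# Constructed stand-in for a real dictionary or breached-password list.
SAMPLE_WORDS = {"password", "welcome", "dragon", "letmein"}


def derive_from_phrase(phrase):
    """First character of each word; punctuation after a word is kept."""
    parts = []
    for token in phrase.split():
        word = token.rstrip(SPECIAL)
        parts.append(SOUND_ALIKES.get(word.lower(), word[:1]) + token[len(word):])
    return "".join(parts)


def violations(password, login_id=""):
    """Return the article's rules (1-4) that the candidate password breaks."""
    found = []
    if not password or password[0] not in string.ascii_letters:
        found.append("rule 1: must begin with an alpha character")
    if len(password) < 8:
        found.append("rule 2: must be at least 8 characters")
    lowered = password.lower()
    # Drop digits and specials so "Pass-word1" still matches "password".
    letters = "".join(c for c in lowered if c in string.ascii_lowercase)
    if (login_id and login_id.lower() in lowered) or any(w in letters for w in SAMPLE_WORDS):
        found.append("rule 3: based on a dictionary word or the login ID")
    needed = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIAL)
    if not all(any(c in cls for c in password) for cls in needed):
        found.append("rule 4: needs upper, lower, numeral and special characters")
    return found


if __name__ == "__main__":
    candidate = derive_from_phrase("As Mars comes closer, I long to go home!")
    print(candidate, violations(candidate, login_id="jdoe"))  # login ID is constructed
    for weak in ("password", "1Ab!", "Jdoe#2024x"):  # constructed samples
        print(weak, violations(weak, login_id="jdoe"))
```

Rules 5 through 7 (no sharing between systems, periodic change, safe storage) concern how a password is handled, so they cannot be checked from the string itself.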