Guide to creating secure passwords
Your computer's front line of defense is a good password. Users commonly choose passwords that are easy to remember, which leads to VERY insecure and easily crackable passwords. Most of these passwords are based on something that has meaning to the user, such as birthdays, anniversaries, a pet's name, YOUR name, a license plate, foreign words, etc.
Rules for good passwords:
- Good passwords should be of sufficient length (at least 9 characters, longer is better).
- Contain at least one uppercase letter (A to Z).
- Contain at least one lowercase letter (a to z).
- Contain at least one number (0 to 9).
- Contain at least one special character.
- Must NOT be any word in any language.
- People should not be able to watch you type the password easily (e.g., qwerty, 123456, etc.).
- Should NOT be an acronym, noun, pet, date, license plate, things found in home, workplace, city, state, country, world, or universe.
Special characters are defined as: ~ ! @ # $ ^ & * ( ) _ + - = [ ] \ { } | ; ' : " , . / < >
UCM allows the following special characters: ~ ! @ ^ * _ - [ { ] } : , .
Why not words?
Most passwords are found using programs that attempt to guess your password. This is done by comparing your password with a list of words (a dictionary) the cracker has created. These word lists usually contain all the words in many languages, names of pets, first names, last names, common key sequences (asdf, qwerty, 12345, etc.) and any other 'known word' in any language.
Why so many different types of characters?
The more variation in the types of characters you use, the more difficult your password is to crack. Each character set provides a fixed number of possible values: lowercase letters 26, uppercase letters 26, numbers 10, special characters 29. If we used a 1-character password, the cracker would have to try only 91 (26 + 26 + 10 + 29 = 91) different combinations. As we use more characters in our password, drawn from more character sets, the number of possible passwords grows exponentially.
There is no such thing as an 'Uncrackable' password. It is only a matter of time before yours can be broken. The real question is, "How difficult do you want to make it?" More often than not a cracker gives up after several hours and moves on to easier targets; however, depending on how determined they are...
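The rules and the character-set arithmetic above, as an added example that is not part of the original guide: a checker for the listed rules using UCM's allowed special characters, plus the search-space calculation. The small word list is constructed for illustration, and matching words as substrings is an assumption about how to apply the "no words" rule.

```python
import string

# Character sets as the guide defines them.
ALL_SPECIALS = set("~!@#$^&*()_+-=[]\\{}|;':\",./<>")  # the 29 listed specials
UCM_SPECIALS = set("~!@^*_-[{]}:,.")                    # the subset UCM allows
MIN_LENGTH = 9

# Constructed sample list; a real check would load a large dictionary file.
SAMPLE_WORDLIST = {"qwerty", "asdf", "12345", "123456", "password", "football"}


def check_password(pw, wordlist=SAMPLE_WORDLIST):
    """Return the list of rule violations (empty list = passes the rules)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 9 characters")
    if not any(c in string.ascii_uppercase for c in pw):
        problems.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in pw):
        problems.append("no lowercase letter")
    if not any(c in string.digits for c in pw):
        problems.append("no number")
    if not any(c in UCM_SPECIALS for c in pw):
        problems.append("no UCM-allowed special character")
    # Anything that is not a letter, digit or UCM-allowed special is rejected.
    rejected = sorted({c for c in pw if not c.isalnum() and c not in UCM_SPECIALS})
    if rejected:
        problems.append("characters UCM does not allow: " + " ".join(rejected))
    # Assumption: a listed word or key sequence anywhere in the password counts.
    lowered = pw.lower()
    hits = sorted(w for w in wordlist if w in lowered)
    if hits:
        problems.append("contains word or key sequence: " + ", ".join(hits))
    return problems


def search_space(length, charset_size=26 + 26 + 10 + len(ALL_SPECIALS)):
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


if __name__ == "__main__":
    for candidate in ("mPxp@j46H", "Qwerty123456#"):  # second one is constructed
        print(candidate, "->", check_password(candidate) or "OK")
    for n in (1, 9, 12):
        print(n, "characters:", search_space(n), "combinations")
```

With only the 14 special characters UCM allows, the per-character count is 76 rather than 91, so pass `charset_size=76` to size the search space for a UCM password.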
Examples of good passwords:
This is an example of a good password: mPxp@j46H (completely random and follows the rules above)
The problem with a completely random password is that it tends to be difficult to remember. However, good passwords can be easy to remember if you start from a simple phrase and convert parts of it in ways that make sense to you.
Use phrases to create your password:
- Make up a memorable phrase or take one from a poem, song, favorite book, etc.
- Use the first letter from each word of the phrase as a character in your password.
- Take advantage of punctuation!
- Try to use special characters where you can (e.g., ^ could be interpreted as "up").
Phrase:
"My son plays football at Warrensburg" -> Ms1pF@w
Quote:
"Hickory Dickory Dock, the mouse ran up the clock" -> hDd,7Mr^C
Foods:
"macaroni and cheese" -> MaC1e@ch3Ez
I have my new password, now what?
- DO NOT WRITE IT DOWN!!! You should have used a password phrase so you could REMEMBER it. Writing your password down makes you vulnerable to prying eyes. Anyone with access to your office or desk area, including visitors, will have no problem accessing your account if they find where you wrote it. Your password is only as secure as you make it and keep it.
- You should NEVER use this password outside your working environment (especially the Internet).
- Be very cautious of using this password on systems that do not support encryption (your password is much easier to get if a malicious user simply captures it as it is passed from your computer to a server in plain text).