Choosing Passwords


Overview

Your passwords are the keys to many things: your bank machine, your computer, your email, a server on a network. Your password helps to prove you are who you say you are, and ensures your privacy.

Compromised passwords are the means by which most unauthorized (and devious) people gain access to a system. Someone logging on under your name has access not only to your computer files, but to most of the facilities of the computer system. Since tampering can have far-reaching and serious consequences, it's important to take to heart the following guidelines for choosing a password.

Never tell anyone your password -- not even your system administrator, helpdesk, account manager, your friends, or even people from EITS Helpdesk -- and don't write it down. Make sure you have chosen a password that you can remember.

Remember, YOU are assumed to be responsible for anything done using your password.

Do Choose...

  • Something easy to remember with at least 6-8 characters and no more than 16 characters, preferably a mix of alphabetical and numeric characters (spaces shouldn't be used).
  • Something obscure; a deliberately misspelled term or an odd character in an otherwise familiar term, such as phnybon instead of funnybone. Or use a combination of two unrelated words.
  • A combination of letters and numbers, or a phrase like "many colors" using only the consonants, e.g., mnYc0l0rz, or a misspelled phrase, e.g., 2HotPeetzas or ItzAGurl.
  • An acronym for your favorite saying, e.g., Wdn-G8 (Wooden Gate) or HersL@@kn@U (Here's looking at you).
  • A mixture of upper- and lowercase; passwords are case sensitive.
  • An easily phonetically pronounceable nonsense word, e.g., RooB-Red or good-eits.
  • Two words separated by a non-alphabetic, non-numeric, or punctuation character, e.g., PC%Kat or dog,#1#

Do Not Choose...

  • Your name in any form -- first, middle, last, maiden, spelled backwards, nickname or initials.
  • Your MyID, or your userid spelled backwards.
  • Part of your userid or name.
  • Any common name, e.g., Sue, Joe.
  • Passwords of fewer than six characters.
  • The name of a close relative, friend, or pet.
  • Your phone or office number, address, birthday, or anniversary.
  • Acronyms, geographical or product names, and technical terms.
  • Any all-numeral passwords, e.g., your license-plate number, social-security number.
  • Names from popular culture, e.g., Harry_Potter, sleepy.
  • Words that are either preceded or followed by a digit, a punctuation mark, up arrow, or space.
  • Words or phrases with all the vowels or white spaces deleted.
  • Any word that exactly matches a word in a dictionary, forward, reversed, or pluralized -- or with some or all of the letters capitalized.
  • Words or phrases that do not mix upper and lower case, or do not mix letters or numbers, or do not mix letters and punctuation.
  • Words that match a dictionary word with any of the following translations:
    a -> 2, a -> 4, e -> 3, h -> 4, i -> 1, l -> 1, o -> 0, s -> $, s -> 5, z -> 5
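
An added example, not part of the original page: a Python check for the length, space, all-numeral, userid and dictionary rules above, including the listed character translations. The function names and the small SAMPLE_WORDS list are assumptions made for illustration; a real check would load a full dictionary.

```python
# The page's translations, inverted: character found in the password -> letters it may replace.
UNDO = {"2": "a", "4": "ah", "3": "e", "1": "il", "0": "o", "$": "s", "5": "sz"}

# Constructed sample word list (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "secret", "shell", "zebra", "gate"}


def matches(text, word):
    """True if text reads as word once the translations are undone (case ignored)."""
    return len(text) == len(word) and all(
        t == w or w in UNDO.get(t, "") for t, w in zip(text.lower(), word))


def dictionary_hit(password, words=SAMPLE_WORDS):
    """Return the dictionary word the password is built on, or None."""
    cores = {password}
    # "preceded or followed by a digit, a punctuation mark": also test with that character dropped.
    if not password[:1].isalpha():
        cores.add(password[1:])
    if not password[-1:].isalpha():
        cores.add(password[:-1])
    for word in sorted(words):
        # Forward, reversed, or pluralized (naive "+s" plural, an assumption).
        for form in (word, word[::-1], word + "s"):
            if any(matches(core, form) for core in cores):
                return word
    return None


def check_password(password, userid, words=SAMPLE_WORDS):
    """Return the list of "Do Not Choose" rules the password breaks (empty = none found)."""
    problems = []
    if len(password) < 6:
        problems.append("fewer than six characters")
    if len(password) > 16:
        problems.append("more than 16 characters")
    if " " in password:
        problems.append("contains a space")
    if password.isdigit():
        problems.append("all numerals")
    lowered, uid = password.lower(), userid.lower()
    if uid and (uid in lowered or uid[::-1] in lowered):
        problems.append("contains userid, forward or backward")
    hit = dictionary_hit(password, words)
    if hit:
        problems.append("based on dictionary word '%s'" % hit)
    return problems
```

Because '4', '1' and '5' each stand for two letters in the page's table, the match is done position by position against each dictionary form rather than by expanding every possible reading of the password.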