Text Only Version

Password Guideline

Different computing systems place different limitations on password construction. The following applies to all computing systems, whether or not the system enforces these limitations:

Acceptable Methods to Create a Password:

  • Use a minimum of 8 characters. Generally, the more characters you can use, the harder a password is to be cracked or guessed.
  • Choose a password that is easy for you to remember but would be hard for another to guess. One useful approach is to use letters from a passphrase or sentence, e.g., "One ring to rule them all, one ring to bind them" results in the password of "1R2rtA,or2Bt" by using the first letter, capitalization, and some substitution.
  • Use mixed case (upper & lower)
  • Use punctuation symbols (Ex: ~ ` ! @ # $ % ^ & * ( ) - _ = + [ { ] } \ | ; : ' " , < . > / ?)

Unacceptable Methods to Create a Password:

  • Do not use dictionary or actual words. Non-English words are no more secure than English words. (If you accidentally use a tiny dictionary word like " I", "a", "an", or "if" in an otherwise secure password, that is fine.)
  • Do not use words or numbers associated with you. Examples include:
    • Social security numbers
    • Names, family names, pet names
    • Birthdays, phone numbers, addresses
    • Avoid using your login name or any variation of it as your password. If your login is 'fredrick', do not use substitution or letter reordering. Examples would be 'fr3dr1ck', where the 3=e and the 1 (one)= i. Alternatively, do not use kcirderf (backwards) or add a digit to the beginning or end of the word (1fredrick or fredrick1).
  • Do not use the same character for the entire password (e.g., '11111111') or use fewer than five unique characters.
  • Do not use common letter or number patterns for your password (e.g., '12345678' or 'abcdefgh').
  • Substitution should not be used on common words or with common substitutions (e.g., 3=E, 4=A, 1=I, 0=O, etc).
  • When changing a password, change to an entirely new password. Do not just rotate through a list of favorite passwords.

Password cracking tools are sophisticated and are able to crack passwords that are created using these unacceptable methods.