It can be difficult to choose a good password. The password should be fairly long and shouldn't be guessable, but at the same time, it should be easy to remember.
Avoid using dictionary words or names in any form. Backwards or forwards, Chinese or Norwegian, any word or common name can be guessed by hackers’ programs.
Dictionary words are any common words, names, dates, or numbers, including words in foreign languages. One standard method that is frequently used when attackers attempt to guess passwords is a brute force attack. In a brute force attack, the attacker basically tries possible passwords over and over again until they manage to break into the account. Often they try dictionaries of commonly used passwords. We have seen dictionaries in English, Finnish, German, Japanese, Latin, Spanish, Italian, Chinese, Norwegian, Swedish, Yiddish, Dutch, common jargon from Biology, Physics, Computers, common female names, common male names, names from cartoons, movies, television, Shakespeare, religion, mythology as well as common and famous place names. It wouldn't surprise us to see dictionaries of Farsi or Akkadian words, either. *Avoid using words or names, regardless of the language.*
Don't use common misspellings of dictionary words (including replacing "l" with "1" and the like).
Many of the dictionaries include both common misspellings and words with letters replaced with similar looking numbers.
Don't use the name of the computer or your account. This is too simple.
Since these can be found out, this kind of password can be very easy to guess.
Don't use sample passwords, such as the ones on this page.
If the password appears in a document such as this one for the whole world to see, don't use it.
A password should be between 8 and 16 characters. The longer your password is, the harder it is to crack.
Do not use simple patterns like abCDEFG, or keyboard sequences like qwertyUI. Simple patterns and sequences are easy to crack.
Use a mixture of upper and lower case letters, numbers, and punctuation. Often, this is required.
A new password must contain characters from at least three of the character classes listed in the table below.
Avoid using characters that don't appear on a standard US 101-key keyboard. This may cause you trouble later on.
While some systems may allow you to use "unprintables", an accented character, u-umlaut or a Euro symbol, don't count on it working correctly. Characters that aren't easily typeable on a standard US 101-key keyboard may not work correctly in all circumstances.
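The rules above can be enforced mechanically when a password is set. The following checker is an added example, not code from this page or from IT Services. It assumes the four character classes are upper case, lower case, digits, and punctuation (the table is not reproduced here), and it uses a small constructed word list in place of a real dictionary; all function and variable names are hypothetical.

```python
import string

# Constructed sample word list; a real deployment would load large dictionaries.
WORDS = {"password", "dragon", "chicago", "letmein"}
# Sample passwords printed on this page are public, so they are rejected too.
PAGE_SAMPLES = {"M'sCMh8196wii!", "m'sCMH8196wii!", "M'sCMh8197wii!"}
# Look-alike substitutions such as "1" for "l" are undone before the lookup.
LOOKALIKES = str.maketrans("10345$@7", "loeassat")
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
             string.ascii_lowercase, "0123456789"]
# Characters typeable on a standard US keyboard (assumed set).
ALLOWED = set(string.ascii_letters + string.digits + string.punctuation + " ")
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation]

def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive keys of a keyboard row or a-z/0-9."""
    low = pw.lower()
    return any(seq[i:i + run] in low
               for seq in SEQUENCES for i in range(len(seq) - run + 1))

def contains_word(pw):
    """True if a dictionary word appears forwards or backwards after de-leeting."""
    letters = "".join(c for c in pw.lower().translate(LOOKALIKES) if c.isalpha())
    return any(w in letters or w in letters[::-1] for w in WORDS)

def check_password(pw, account="", computer=""):
    """Return the list of rules the candidate password violates (empty = accepted)."""
    problems = []
    if not 8 <= len(pw) <= 16:
        problems.append("length")
    if set(pw) - ALLOWED:
        problems.append("non-us-keyboard")
    if sum(any(c in cls for c in pw) for cls in CLASSES) < 3:
        problems.append("classes")
    if contains_word(pw):
        problems.append("dictionary")
    if any(n and n.lower() in pw.lower() for n in (account, computer)):
        problems.append("account-or-computer-name")
    if has_sequence(pw):
        problems.append("sequence")
    if pw in PAGE_SAMPLES:
        problems.append("published-sample")
    return problems
```
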
Staff of the University will never ask for another individual's CNet password via email, telephone, mobile phone, or any other communication device. If you receive a message claiming to be from a staff member requesting your password, do NOT share this information with them.
You can use different iterations of the same basic password. For example, the password M'sCMh8196wii! could become m'sCMH8196wii! or M'sCMh8197wii! The password protecting your most sensitive information should always be different from other passwords.
It is also possible for some computer viruses to recover your password from such stores and email it to random people or post it publicly on the Internet. Such viruses may even distribute the password before anti-virus software is able to locate and remove the virus.
You'll notice that in this example we've decided to include all the punctuation. This is to improve the quality of the password.
So, your password would be M'sCMh8196wii!. It is a nice, long password with a good mixture of character classes.
People often find that they need to juggle multiple passwords for their email accounts, web sites they visit, and different Internet-based services that they wish to use. While it is impractical to create a completely different password for every web site or account, using the same password in multiple locations is very dangerous: if the password is stolen from any one of the places where it is used, it can be used elsewhere as well.
Below are a few ideas on various ways to handle the increasing number of passwords that seem to be required these days while not making the passwords easy to guess.
© 2014 The University of Chicago