How do you choose a good password?
This How-to is intended for:
New students
Why is password choice important?
The systems you use are shared with others. The first step in trying to break into a system is to attempt to get a login by guessing a password. If you use passwords such as "test123", "changeme", a word (with a number), or a film star or character, then one of the automated cracking systems WILL break into your account.
Once they have broken into your account they will use it to attack other systems and crack into other people's accounts. If a cracker has access to a local account there is a greater possibility of them cracking into an administrator's account and gaining access to all the files on the system.
You have a responsibility to make sure that your account is not cracked by choosing a good password. If your account is cracked you may be putting other people's information at risk.
Keeping passwords secret
You identify yourself to the computer system when you login.
Your username tells the computer who you are; your password
proves that you are who you say you are. Like the PIN on your
bank teller card, your password is the key to your account. You
must always keep it secret.
- NEVER, under any circumstances, give your password to somebody else.
- NEVER send your password by email. Email is NOT SECURE.
- Don't write your password down unless you have somewhere safe (like a safe) to keep it.
How to Choose a Password?
Password security isn't just a matter of thinking up a nice word and keeping it to yourself. You must choose a password which will be difficult for someone else to guess or crack. A good password is 8 characters long, includes numbers, upper and lower case letters and punctuation. It also has to be easy to remember.
Note: Whilst longer passwords are better, some systems truncate them to 8 characters. Be careful if you use more than 8 characters for your password.
DON'T USE
- Words that can be associated with you
  We often have a tendency to forget passwords, so we choose something that has particular relevance to ourselves: the name of a loved one, our favorite car, sport, or ice cream, etc. Anyone knowing a little about us can make a list of these words and easily crack the password. All-digit passwords usually fall into this category - birthdates, phone numbers.
- Dictionary, Atlas, etc (any list) words
  The computer can test these words in less than an hour even if they are not English. A program with access to a good dictionary has a very good chance of cracking a password that is a real word. Crackers with a CD-ROM have access to extensive dictionaries of words, place names, foreign languages, song titles, Shakespearean characters, street directories and the like. This can include minor modifications such as the addition of a digit or an initial uppercase letter.
DO USE
Preferably something you can remember, that can be typed quickly and
accurately and includes characters other than lowercase letters,
such as numbers and punctuation.
Examples
- Made-up "words" - ch0kBel@ (can be "pronounced")
- Personal acronyms - !hCbl2dT (i hate Coffee but love to drink Tea)
- Misspell and/or invert syllables or words - D0gzm+DD (instead of 'mad dogs')
Do NOT use any of the examples given here.
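The rules above, written as a checker a system could run when a password is set. This is an added example, not part of the original page or of ITS's recommendations; the word list, function names and sample passwords are constructed for illustration, and a real check would load a full dictionary.

```python
import re

# Constructed sample word list; a real check would load a large dictionary file.
SAMPLE_WORDS = {"password", "changeme", "test", "dragon", "perth", "hamlet"}
TRUNCATE_AT = 8  # some systems only look at the first 8 characters

def normalise(candidate):
    """Undo the 'minor modifications' a cracking dictionary also tries:
    case changes, and digits or punctuation added at either end."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", candidate.lower())

def check_password(password, username="", personal_words=(), words=SAMPLE_WORDS):
    """Return a list of problems; an empty list means none of the rules was broken."""
    problems = []
    effective = password[:TRUNCATE_AT]  # what a truncating system actually compares
    if len(password) < TRUNCATE_AT:
        problems.append("shorter than 8 characters")
    if len(password) > TRUNCATE_AT:
        problems.append("characters after the 8th may be ignored")
    if effective.isdigit():
        problems.append("all digits (birthdate or phone number pattern)")
    # Character classes are judged on the part that survives truncation.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if not all(re.search(c, effective) for c in classes):
        problems.append("missing lower case, upper case, number or punctuation")
    core = normalise(effective)
    if core and core in words:
        problems.append("dictionary word with minor modifications")
    personal = {w.lower() for w in (username, *personal_words) if w}
    if any(w in effective.lower() for w in personal):
        problems.append("contains a word associated with you")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; none of them should be used as a real password.
    for sample in ["test123", "changeme", "Password1!", "19850412", "q7#VumeK"]:
        print(sample, "->", check_password(sample) or "no rule broken")
```

"Password1!" shows why the truncation note matters: on a system that keeps only 8 characters the digit and punctuation are discarded, leaving a plain dictionary word.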
This page is based on ITS's password recommendations at http://www.its.uwa.edu.au/policies/its_local_policies/password_security3