Choosing Your Password
Your password is what tells the computer that you are who you say you are. Until we can do retina scans like in James Bond movies, the password is the best that we can do. But, because your password is like a key to your account, you need to safeguard it. Anyone who has your password can get into your account, and your files. Anyone who can guess your password has it. Anyone who has your password can pose as you. Therefore, you may be held responsible for someone else's actions, if they are able to get your password. You may not wish this to happen.
How Not To Choose A Good Password
Here are some types of passwords that will be picked up by crackers:
Words in the dictionary.
Words in any dictionary.
Your user name.
Your real name.
Your spouse's name.
Anyone's name (crackers don't necessarily know that your aunt's middle name is Agnes, but it's easy enough to get a list of 100,000 names and try each one).
Any word in any ``cracking dictionary.'' There are lists of words that crackers use to try to crack passwords: passwords that a lot of people use. Some of these lists include:
Abbreviations, Asteroids, Biology, Cartoons, Character Patterns, Machine names, famous names, female names, Bible, male names, Movies, Myths-legends, Number Patterns, Short Phrases, Places, Science Fiction, Shakespeare, Songs, Sports, Surnames
Any of the above, with a single character before or after it (``8dinner'', ``happy1'').
Any of the above, capitalized (``cat'' --> ``Cat'')
Any of the above, reversed (``cat'' --> ``tac''), doubled (``cat'' --> ``catcat'') or mirrored (``cat'' --> ``cattac'').
Words like ``foobar'', ``xyzzy'' and ``qwerty'' are still just plain words. They are also popular passwords, and the crack programs look for them. Avoid them.
Any of the sample passwords, good or bad, mentioned in this document.
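The transformations listed above (a single character before or after, capitalization, reversal, doubling, mirroring) are easy to undo, which is why they add so little. The following is an added example, not part of the original page: a small check that rejects a candidate password if it reduces to a banned word under those rules. The word list and the function names are constructed for illustration; a real check would load a full cracking dictionary.

```python
# Constructed sample list; stands in for a real cracking dictionary.
SAMPLE_WORDS = ["cat", "dinner", "happy", "agnes", "foobar", "xyzzy", "qwerty"]


def base_forms(text):
    """Return the strings `text` could have been built from by
    capitalizing, reversing, doubling or mirroring a word."""
    p = text.lower()                      # undo capitalization
    forms = [p, p[::-1]]                  # as typed, and reversed
    n = len(p)
    if n and n % 2 == 0:
        first, second = p[: n // 2], p[n // 2:]
        if second == first:               # doubled: "catcat"
            forms.append(first)
        if second == first[::-1]:         # mirrored: "cattac"
            forms.append(first)
    return forms


def derived_from(password, username="", words=SAMPLE_WORDS):
    """Return the banned word the password is derived from, or None."""
    banned = {w.lower() for w in words}
    if username:
        banned.add(username.lower())      # the user name is banned too
    # The password itself, then with one leading or trailing character removed.
    candidates = [password]
    if len(password) > 1:
        candidates += [password[1:], password[:-1]]
    for cand in candidates:
        for form in base_forms(cand):
            if form in banned:
                return form
    return None


if __name__ == "__main__":
    for pw in ["8dinner", "happy1", "Cat", "tac", "catcat", "cattac"]:
        print(pw, "->", derived_from(pw))
```

A result of None only means the password did not match this list under these rules; it does not mean the password is good.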
How To Choose A Good Password
Here are some guidelines for creating a good password:
Choose a password that is at least six characters long. This should be long enough to discourage a brute-force attack. Currently, the maximum password length on many Unix systems is eight characters, but if you want to add a few more characters to make it easier to remember, go ahead. Just bear in mind that anything after the eighth character will be ignored (so ``abnormalbrain'' is the same as ``abnormal'').
In general, a good password will have a mix of lower- and upper-case characters, numbers, and punctuation marks, and should be at least 6 characters long. Unfortunately, passwords like this are often hard to remember and result in people writing them down. Do not write your passwords down!
The license plate rule: take a phrase and try to squeeze it into eight characters, as if you wanted to put it on a vanity license plate.
Some people like to pick several small words, separated by punctuation marks of some kind.
Put a punctuation mark in the middle of a word, e.g., ``vege%tarian''.
Use some unusual way of contracting a word. You don't have to use an apostrophe.
One of my favorite passwords was ``kEp*-h&y'': ``kEp'' --> ``keep'', ``*-'' --> ``laser'' (like those signs that you see outside of physics labs), and ``h&y'' --> ``handy''; ``Keep your laser handy!''
You can use control characters. Just bear in mind that a lot of them have special meanings. If you use ^D, ^H or ^U, for example, you might not be able to log in again.
Think of an uncommon phrase, and take the first, second or last letter of each word. ``You can't always get what you want'' would yield ``ycagwyw''. Throw in a capital letter and a punctuation mark or a number or two, and you can end up with ``yCag5wyw''.
Deliberately misspelling one or more words can make your password harder to crack.
Use several of the techniques above.
Something that no one but you would ever think of. The best password is one that is totally random to anyone else except you. It is difficult to tell you how to come up with these, but people are able to do it. Use your imagination!