Selecting Good Passwords

Rationale:

The object when choosing a password is to make it as difficult as
possible for a cracker to make educated guesses about what you've
chosen. This leaves him no alternative but a brute-force search, trying
every possible combination of letters, numbers, and punctuation. A
search of this sort, even conducted on a machine that could try one
million passwords per second (most machines can try fewer than one
hundred per second), would require, on the average, over one hundred
years to complete.

What Not to Use:

  • Don't use your login name in any form (as-is,
    reversed, capitalized, doubled, etc.).

  • Don't use your first or last name in any form.

  • Don't use your spouse's, child's or pet's name.

  • Don't use other information easily obtained about
    you. This includes license plate numbers, telephone
    numbers, social security numbers, the brand of your
    automobile, the name of the street you live on, etc.

  • Don't use a password of all digits, or all the same
    letter. This significantly decreases the search time
    for a cracker.

  • Don't use a word contained in (English or foreign language)
    dictionaries, spelling lists, or other lists of words.

  • Don't use a password shorter than six characters.

What to Use:

  • Do use a password with mixed-case alphabetic characters.

  • Do use a password with nonalphabetic characters,
    e.g., digits or punctuation.

  • Do use a password that is easy to remember, so you
    don't have to write it down.

  • Do use a password that you can type quickly, without
    having to look at the keyboard. This makes it harder
    for someone to steal your password by watching over
    your shoulder.
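The two lists above, turned into a checker as an added example (this is not code from Curry's text or the original page). The word list, the login name and the personal details are constructed placeholders; a real check would load the system dictionary.

```python
import string

# Constructed stand-in for the dictionaries and word lists a cracker tries.
# Assumption: a real check would load e.g. /usr/share/dict/words instead.
WORD_LIST = {"password", "secret", "welcome", "dog", "rain", "book", "mug"}

def login_forms(login):
    """Forms of the login name the page says never to use: as-is,
    reversed, doubled (capitalized forms are covered by lowercasing)."""
    base = login.lower()
    return {base, base[::-1], base * 2}

def violations(password, login, personal=(), words=WORD_LIST):
    """Return the 'What Not to Use' rules the password breaks.
    An empty list means none of the listed rules fired, not that the
    password is strong."""
    found = []
    low = password.lower()
    if len(password) < 6:
        found.append("shorter than six characters")
    # "in any form": a substring match is stricter than an exact match
    if any(form in low for form in login_forms(login)):
        found.append("login name in some form")
    for item in personal:          # names, phone, plate, street, ...
        if item and item.lower() in low:
            found.append("personal information: " + item)
    if password.isdigit():
        found.append("all digits")
    if len(set(low)) == 1:
        found.append("all the same letter")
    if low in words or low[::-1] in words:
        found.append("dictionary word")
    return found

def missing_properties(password):
    """Return the 'What to Use' properties the password lacks."""
    missing = []
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        missing.append("mixed case")
    if not any(c in string.digits + string.punctuation for c in password):
        missing.append("digits or punctuation")
    return missing

if __name__ == "__main__":
    # constructed sample: login "jsmith", surname and phone as personal data
    for pw in ("jsmith1", "1234567", "Secret", "Iutlemp", "dog;rain", "b00k+Mug"):
        print(pw, violations(pw, "jsmith", ["Smith", "555-1234"]),
              missing_properties(pw))
```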

Method to Choose Secure and Easy to Remember Passwords:

  • Choose a phrase you will remember, and use the
    first letter of each word. For example, ``I used to
    like eating mud pies'' becomes ``Iutlemp''. Including
    capitals, numerals and punctuation makes this still
    harder to guess.

  • Alternate between one consonant and one or two
    vowels, up to eight characters. This provides nonsense
    words that are usually pronounceable, and thus
    easily remembered. Examples include ``routiboo,''
    ``quadopop,'' and so on.

  • Choose two short words and concatenate them together
    with a punctuation character between them. For
    example: ``dog;rain,'' ``book+mug,'' ``kid?goat.''

Lifted from:

Improving the Security of Your UNIX System

by David A. Curry

(with a few local modifications)