Choosing a Secure Password

By choosing difficult passwords you ensure that in the event that our password file does get out, it is very unlikely that this will help the hacker. This helps to maintain our high level of security, resulting in protection for the department at large. You should not use the same password on multiple systems but do keep your unix and PC password the same!!!

Passwords should be a minimum of eight (8) characters and include a mix of upper case letters, lower case letters and at least one non-letter character. These rules must apply to the first 8 characters of your password.

Passwords that are easily guessed include the following:

• Dictionary words (of any kind: foreign, movie, Latin, obscure, high-tech), backwards or forwards

  Hackers use several 10s of foreign dictionaries, movie dictionaries, or high-tech dictionaries in an attempt to guess passwords. Any word that might possibly be found in any dictionary is unsuitable.

• Any word that just has a number prepended or appended to it.

• Based on personal information

  It is frequently very easy to guess a password that someone has chosen based on very little information about that person. It is sometimes possible to guess the password from information found on the web, if the chosen password is based on personal information. This includes name, department, birthday, anniversary, dog, cat, mother's maiden name, social security number, driver's license, etc... Therefore these passwords are unsuitable. Again, backwards or forwards are easily guessed.

Passwords that are acceptable include "random" strings, two words joined with selective replacement of key letters by punctuation, lyrics or verse joined in interesting ways, e.g.

        random:                 b4j/C5(*
        two words:              To@)fR0(        (toad frog)
        lyrics or verse:        AtW*$@w*        (All the world's a stage..)

Please do not use any of these examples!