Do:
- Change your password every three to six months.
- Use a mix of both upper and lower case letters ("arUsHa," not "arusha").
- Use numbers and special symbols (!@#$) with letters ("arU12#sHa").
- Create simple mnemonics (memory aids) or compounds that are easily remembered, yet hard to decipher:
  - "3laR2s2uaPA$$WDS!" for "Three-letter acronyms are too short to use as passwords!"
  - "MKieoMMas19tfh" for "Mount Kilimanjaro is east of Mount Meru and stands 19 thousand feet high"
- Use two or more words together ("Yet_Another_Example").
- Use misspelled words ("WhutdooUmeenIkan'tSpel?").
- Use a minimum of eight characters. Generally the longer the password, the more secure it is.

Do not use:
- Names:
  - of yourself, including nicknames;
  - of your spouse or significant other, of your parents, children, siblings, pets, or other family members;
  - of fictional characters, especially ones from fantasy or sci-fi stories;
  - of any place or proper noun;
  - of computers or computer systems;
  - any combination of any of the above.
- Numbers, including:
  - your phone number;
  - anyone's birthday;
  - your driver's licence number or licence plate;
  - your address;
  - any common number like 3.1415926 or 1.618034;
  - any series such as 1248163264;
  - any combination of any of the above.
- Any username in any form, including:
  - capitalized (Joeuser);
  - doubled (joeuserJoeuser);
  - reversed (resueoJ);
  - reflected (joeuserResueoj);
  - with numbers or symbols appended (Joeuser!).
- Any word in any dictionary in any language in any form.
- Any word you think isn't in a dictionary, including:
  - any slang word or obscenity;
  - any technical term or jargon.
- Any common phrase:
  - "Go ahead, make my day."
  - "Brother, can you spare a dime?"
  - "1 fish, 2 fish, red fish, blue fish."
- Simple patterns, including:
  - passwords of all the same letter;
  - simple keyboard patterns (qwerty, asdfjkl);
  - anything that someone might easily recognize if they see you typing it.
- Any information about you that is easily obtainable:
  - favorite color;
  - favorite rock group.
- Any object that is in your field of vision at your workstation.
- Any password that you have used in the past.

There are programs (and they are easy to write) which will crack passwords that are based on the above.
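
The same rules can be checked when a password is chosen. The following is an added example, not part of the original guidelines: it covers only the rules that can be tested mechanically (length, character mix, username forms, repeated characters, keyboard patterns, past passwords), and the function names and the `previous` parameter are assumptions made for the illustration.

```python
import re

MIN_LENGTH = 8  # the minimum length given in the "Do" list
# Only the two keyboard runs named in the guidelines; a real list would be longer.
KEYBOARD_RUNS = ("qwerty", "asdfjkl")


def username_variants(username):
    """Lower-cased username forms from the list: plain, doubled, reversed, reflected."""
    u = username.lower()
    return {u, u + u, u[::-1], u + u[::-1]} if u else set()


def check_password(password, username, previous=()):
    """Return the list of rules the password breaks; an empty list means none."""
    problems = []
    lowered = password.lower()
    # Drop leading/trailing digits and symbols so "Joeuser!" reduces to "joeuser".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)

    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both upper and lower case letters")
    if not re.search(r"[^A-Za-z]", password):
        problems.append("needs numbers or special symbols")
    if core in username_variants(username):
        problems.append("derived from the username")
    if len(set(lowered)) == 1:
        problems.append("all the same character")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("simple keyboard pattern")
    if password in previous:
        problems.append("used in the past")
    return problems


if __name__ == "__main__":
    # Sample passwords taken from the guidelines, checked for the user "joeuser".
    for candidate in ("arU12#sHa", "Joeuser!", "joeuserResueoj", "resueoJ"):
        print(candidate, "->", check_password(candidate, "joeuser") or "ok")
```

Names, dictionary words, common phrases and personal details need word lists or knowledge of the user, so they are outside what this check can see.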

Never!
NEVER write your password down anywhere, or share your password with anyone, including your best friend or an on-line consultant!

Why go through all the trouble?
Passwords are the primary defense and front-line security for your personal data. If someone obtains your password, then they have complete access to your account and all its data, and to all the privileges and abilities you have.
If you give your password to anyone, you are giving them significant power while keeping all the responsibility for their wielding it. There are always better and safer ways of doing anything legitimate than giving away your password. Giving someone else your password -- including trusted friends -- is like giving them a signed blank check, or your charge card.
You should never do this. Even to "lend" your account to someone temporarily is dangerous. This is especially important now that you can view certain private information online.

What if I forget my password?
Bring your identification and come into the ANM offices. The staff will be able to help you.