Using strong passwords

Last revision October 5, 2009
You absolutely must set strong passwords to protect all network services offered by your computer. Rules for setting strong passwords are based on examining the types of programs used by hackers to crack passwords. Because it takes too long to try every possible password, hackers use programs that try common patterns of words and word permutations, using large dictionaries of English and foreign language words. If you avoid those patterns, your password is much less likely to be guessed by a hacker. These password rules are enforced by the password setting program on the StanfordYou web site (for SUNet passwords).

Never use a password that matches your account name itself, any part of your own name, or any easily obtainable personal information (such as your spouse's name).

Do not set a password that consists simply of any common English or foreign language word or proper name (whether all lowercase or all uppercase), or any such word written backwards.

Do not use a common word with only one or two characters preceding or following it, such as 99orange or orange!.

Your password should be at least eight characters long. Most modern computers allow passwords at least sixteen characters long. Although harder to remember and type, a password longer than eight characters is significantly harder to guess.

The best passwords contain non-alphabetic characters or capitalized letters in the middle of the password (not just at the beginning or end), such as try2JUMP. You could try a deliberate misspelling of a word, such as choklutt. Or join two small words with a non-alphabetic character in the middle, such as cat&mous. Or make up an acronym from the name of a book, movie, etc., such as ilGWTW for "I like 'Gone With The Wind'".

But don't use any of these examples, or any other example in a book or on a web page!
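The rules above can be expressed as a small checker. This is an added example, not the StanfordYou program's code; the function name, the tiny word list, the sample account details, and the three-character minimum for name fragments are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load large English and
# foreign-language dictionaries, as password-cracking programs do.
SAMPLE_WORDS = {"orange", "password", "welcome", "dragon", "monkey"}
# Examples printed on this page, which the page says not to use.
PUBLISHED_EXAMPLES = {"try2jump", "choklutt", "cat&mous", "ilgwtw"}


def check_password(password, account, full_name, personal=(), words=SAMPLE_WORDS):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    low = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if low == account.lower():
        problems.append("matches the account name")
    # Parts of the user's name or other personal details. Ignoring fragments
    # under three characters is an assumption to avoid flagging initials.
    parts = re.split(r"\W+", full_name) + list(personal)
    if any(len(p) >= 3 and p.lower() in low for p in parts):
        problems.append("contains part of a name or personal information")
    # Case-folding covers the all-lowercase and all-uppercase forms.
    if low in words or low[::-1] in words:
        problems.append("is a common word or a word written backwards")
    else:
        # Strip one or two characters from the front or from the back.
        cores = [low[n:] for n in (1, 2)] + [low[:-n] for n in (1, 2)]
        if any(c in words for c in cores):
            problems.append("is a common word with one or two extra characters")
    if low in PUBLISHED_EXAMPLES:
        problems.append("is a published example password")
    return problems


if __name__ == "__main__":
    # Constructed account details for the demonstration.
    for candidate in ["orange!", "99orange", "EGNARO", "JaneRocks2024", "try2JUMP"]:
        print(candidate, "->", check_password(candidate, "jdoe", "Jane Doe") or "ok")
```

An empty result only means none of these pattern rules matched; with a realistic dictionary the same checks reject far more candidates than the five-word sample does.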