Using strong passwords

Last revision September 15, 2005
You absolutely must set strong passwords to protect all network services offered by your computer. Rules for setting strong passwords are based on examining the types of programs used by hackers to crack passwords. Because it takes too long to try every possible password, hackers use programs that try common patterns of words and word permutations, using large dictionaries of English and foreign language words. If you avoid those patterns, your password is much less likely to be guessed by a hacker. These password rules are enforced by the password setting programs on pangea and the StanfordYou web site (for SUNet passwords).

- Never use a password that matches your account name itself, any part of your own name, or any easily obtainable personal information (such as your spouse's name).
- Do not set a password that consists simply of any common English or foreign language word or proper name (whether all lowercase or all uppercase), or any such word written backwards.
- Do not use a common word with only one or two characters preceding or following it, such as 99orange or orange!.
- Your password should be at least six characters long. On Unix systems like pangea, your password cannot exceed eight characters (actually, you can use more than eight characters if that makes it easier to remember, but only the first eight characters count).
- The best passwords contain non-alphabetic characters or capitalized letters in the middle of the password (not just at the beginning or end), such as try2JUMP.

You could try a deliberate misspelling of a word, such as choklutt. Or join two small words with a non-alphabetic character in the middle, such as cat&mous. Or make up an acronym from the name of a book, movie, etc., such as ilGWTW for "I like 'Gone With The Wind'". But don't use any of these examples, or any other example in a book or on a web page!
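The rules above, written as a small checker. This is an added example, not the actual pangea or StanfordYou program; the function names, the sample word list, the `personal` parameter and the substring test for personal information are assumptions.

```python
# Constructed sample dictionary; a real checker would load large English and
# foreign-language word lists.
SAMPLE_WORDS = {"orange", "stanford", "dragon", "monkey", "secret"}
MIN_LEN = 6       # "at least six characters long"
SIGNIFICANT = 8   # on Unix systems like pangea only the first eight count


def _in_dict(s, words):
    """True if s, or s written backwards, is a dictionary word (any case)."""
    s = s.lower()
    return s in words or s[::-1] in words


def check_password(password, account, personal=(), words=SAMPLE_WORDS):
    """Return the list of rules the password breaks (empty list = accepted).

    personal: name parts and other easily obtainable facts (assumed input).
    """
    problems = []
    pw = password[:SIGNIFICANT]          # judge only the characters that count
    if len(password) < MIN_LEN:
        problems.append("too_short")
    # Assumption: "matches" is treated as a case-insensitive substring test.
    tokens = [account, *personal]
    if any(len(t) >= 3 and t.lower() in pw.lower() for t in tokens):
        problems.append("personal")
    if _in_dict(pw, words):
        problems.append("dictionary")
    # A word with one or two extra characters before and/or after it.
    elif any(_in_dict(pw[a:len(pw) - b], words)
             for a in range(3) for b in range(3) if a or b):
        problems.append("padded_word")
    return problems


if __name__ == "__main__":
    for candidate in ("99orange", "orange!", "egnaro", "stanford2005"):
        print(candidate, check_password(candidate, account="jdoe"))
```

Because only the first eight characters count, `stanford2005` is judged as the plain word `stanford`, which is why the truncation is applied before the dictionary tests.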