Create secure passwords
How to Create Secure Passwords
Password Do's and Don'ts
- Do not use words found in any dictionary, spelled forward or backward.
- Do not display passwords on screens or any other media at any time, and do not store passwords in clear-text (unencrypted) form.
- Employ appropriate actions to prevent observers from viewing passwords.
- Practice entering your password so that it can be entered quickly using several fingers.
- Use your body to prevent an observer from seeing the keys being pressed as you enter your password.
- Request that guests do not watch the password entry process.
- Perform password entry prior to demonstrating system use.
- Change your password when it has been compromised, or when you suspect that it has been compromised.
- Memorize your password. Do not write down or store passwords in batch files, automatic log-in scripts, software macros, terminal function keys, or any other place where others might discover them.
- Never use the built-in feature of any system to save your password or remember your password for you. If you do, your password may be saved or remembered in a clear, readable form that hackers can easily find.
- Do not disclose or share your password with anyone.
Password construction
To construct a strong password that is easy to remember, use the initial letters of a phrase (in both upper and lower case) and include a number or special character.
For example, if you like to go on vacation, you might take the letters from:
My favorite vacation spot is Cabo San Lucas, Mexico
You'd get: Mfv$1c$LM (each "s" is replaced with $ and the "i" with 1)
- Something that you can remember, but would be hard for an attacker to guess.
By the way, do NOT use the Mfv$1c$LM example as your password.
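One way to enforce the construction rules above when a password is set, as an added example that is not part of the original page. The wordlist is a constructed sample, and treating a word with digits or symbols added as still a dictionary word is this example's assumption.

```python
import string

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "vacation", "mexico", "dragon", "sunshine"}

# Passwords printed in public guidance, such as this page's own example.
PUBLISHED_EXAMPLES = {"Mfv$1c$LM"}


def check_password(candidate, words=SAMPLE_WORDS, published=PUBLISHED_EXAMPLES):
    """Return a list of rule violations; an empty list means the candidate passes."""
    problems = []

    # Assumption: compare only the letters, so "Vacation1!" still counts
    # as the dictionary word "vacation".
    core = "".join(c for c in candidate if c.isalpha()).lower()

    # Rule: no dictionary words, spelled forward or backward.
    if core in words:
        problems.append("dictionary word")
    elif core[::-1] in words:
        problems.append("dictionary word spelled backward")

    # Rule: use both upper and lower case.
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in candidate):
        problems.append("no lower-case letter")

    # Rule: include a number or special character.
    has_digit = any(c.isdigit() for c in candidate)
    has_special = any(c in string.punctuation for c in candidate)
    if not (has_digit or has_special):
        problems.append("no number or special character")

    # Rule: never reuse a password that was shown as an example.
    if candidate in published:
        problems.append("published example password")

    return problems


if __name__ == "__main__":
    # Constructed candidates, one per failure mode plus one that passes.
    for pw in ("vacation", "Ocixem1!", "Mfv$1c$LM", "Tq7#wLp2z"):
        print(pw, "->", check_password(pw) or "ok")
```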