Passwords
[Last modified : 2003.07.02]
There exist readily-available sophisticated programs for cracking passwords, so passwords must be chosen with care.
Any password which anybody might guess is a bad password.
To be secure, a password should not be:
- a dictionary word in any form (e.g. "guitar", "Guitar", "GUITAR", "ratiug")
- a name in any form (e.g. "Bob", "Rover", "Hobart", "bruny")
- a dictionary word or name with a numeral at either end (e.g. "1guitar", "Bob1")
- a word with well-known character substitutions (e.g. '1' for 'i', '3' for 'e', '0' for 'o')
- a dictionary word with vowels or consonants removed (e.g. "dwrd" or "ea" for "edward")
- any information easily obtainable about the user (e.g. date-of-birth, phone number)
- any combination of username, ID number or the initial password assigned when the account is created
- any word associated with any work or assignment (e.g. "annrg", "reverseC")
- any well-known word from computing (e.g. "rtfm", "xyzzy")
- any word in any language
- a repetition of a single character
- a simple pattern of letters on the keyboard (e.g. "qwerty")
- shared between different sites (e.g. university and workplace) or between different systems (e.g. PC and Un*x)
Good passwords:
- are at least eight characters long
- contain a mixture of upper and lower case letters, digits and punctuation
- are easy to remember (so that they needn't be written down)
- can be typed rapidly, so that an onlooker cannot follow
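The mechanically checkable rules above can be enforced when a password is set. The following is an added example, not part of the original page: the wordlist is a constructed sample, and the names `check_password`, `WORDS` and `WEAK_FORMS` are assumptions for illustration. Rules that need outside data (personal information, reuse across sites) are not covered.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary and name list.
WORDS = {"guitar", "bob", "rover", "hobart", "bruny", "edward", "rtfm", "xyzzy"}
# Substitutions named on the page: '1' for 'i', '3' for 'e', '0' for 'o'.
LEET = str.maketrans("130", "ieo")
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def _derived(word):
    """Forms of a word the page lists as still guessable."""
    no_vowels = "".join(c for c in word if c not in "aeiou")
    only_vowels = "".join(c for c in word if c in "aeiou")
    forms = {word, word[::-1], no_vowels, only_vowels}
    return {f for f in forms if len(f) >= 2}  # ignore empty or one-letter leftovers

WEAK_FORMS = set().union(*(_derived(w) for w in WORDS))

def check_password(password, username=""):
    """Return the reasons a password breaks the rules above (empty list = passes)."""
    reasons = []
    low = password.lower()              # "in any form": ignore case
    core = low.strip("0123456789")      # drop numerals at either end
    candidates = {low, core, low.translate(LEET), core.translate(LEET)}
    if candidates & WEAK_FORMS:
        reasons.append("dictionary word or name in some form")
    if username and username.lower() in low:
        reasons.append("contains username")
    if password and len(set(password)) == 1:
        reasons.append("repetition of a single character")
    if len(low) >= 3 and any(low in r or low[::-1] in r for r in KEYBOARD_ROWS):
        reasons.append("simple keyboard pattern")
    if len(password) < 8:
        reasons.append("shorter than eight characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        reasons.append("missing upper case, lower case, digit or punctuation")
    return reasons

if __name__ == "__main__":
    # The page's own bad examples, checked one by one.
    for pw in ("guitar", "ratiug", "1guitar", "Bob1", "dwrd", "ea", "qwerty"):
        print(f"{pw!r}: {check_password(pw)}")
```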
webmaster@infosys.utas.edu.au