Information Security Blog
Creating Strong Passwords
Posted 4:35 PM, September 11, 2010, by eamsel

A good password is easy to remember, but difficult to guess. Your password should be easy for you to remember without writing it down and difficult for others to guess, both for people who know you and for anonymous password-crackers.
Because SUNetID passwords can now be up to 40 characters, you should consider using a passphrase - a sentence or sequence of words. It's easier to remember, and the extra length makes it even harder to crack. NOTE: your passphrase should NOT be a well-known slogan, song lyric, saying, or other quotation, unless you disguise it with punctuation, misspellings, or capitalizations. Most important, your passphrase should be something you will remember. A complex password that cannot be broken is useless if you cannot remember it.
If the application limits you to a smaller number of characters, try to base your password on a word, phrase or sentence that is easy for you to remember. Your password should NOT be just a dictionary word, OR your name, initials, birthday, anniversary, phone number, or any other personal information (or anyone else's).
For example, starting with the phrase "To be or not to be, that is the question", you could make it into an acronym: tbontbtitq. You could go a step further and add numbers: 2bon2btitq. Another step would be to add punctuation and capital letters: 2Bon2B?titq! If you remember the starting phrase, this password will make sense to you and will be very difficult for anyone else to guess.
* The more characters in a password, the more difficult it will be to 'break' (don't use the minimum number of characters required by the system)
* Passwords can contain characters from the following four classes:
   1. Upper-case letters A, B, C, ... Z
   2. Lower-case letters a, b, c, ... z
   3. Numbers 0, 1, 2, ... 9
   4. Often, non-alphanumeric characters (, . ; :'"?!@#$%^&*()_-+=) such as punctuation symbols and spaces
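The sketch below is an added example, not part of the original post. It applies the guidance above to the post's three sample passwords: which of the four classes each uses, how the exhaustive-search space grows with length and class count, and whether the letters alone spell a banned word. The function names, the banned-word list, and the rule of comparing on letters only are assumptions made for illustration.

```python
import math
import string

# The four character classes from the post. The symbol set is the one printed
# in the post plus the space character.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set(" ,.;:'\"?!@#$%^&*()_-+="),
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return sorted(n for n, chars in CLASSES.items() if chars & set(password))

def brute_force_bits(password):
    """log2 of the number of strings of this length over the classes used.

    This is an upper bound: it only measures exhaustive search and says
    nothing about guesses built from words, names, or known quotations.
    """
    alphabet = sum(len(CLASSES[n]) for n in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def review(password, banned_words=(), max_len=40):
    """Return a list of problems; an empty list means none were found."""
    problems = []
    if len(password) > max_len:
        problems.append(f"longer than the {max_len}-character limit")
    # Assumption: "just a dictionary word" also covers a word with digits or
    # punctuation tacked on, so compare on the letters alone.
    letters = "".join(c for c in password.lower() if c.isalpha())
    if letters in {w.lower() for w in banned_words}:
        problems.append("letters spell a banned word or personal detail")
    return problems

if __name__ == "__main__":
    # The first three passwords are the post's own; "Password1!" and the
    # banned list are constructed sample input.
    for pw in ("tbontbtitq", "2bon2btitq", "2Bon2B?titq!", "Password1!"):
        print(f"{pw:14} {classes_used(pw)} {brute_force_bits(pw):5.1f} bits",
              review(pw, banned_words=["password", "stanford"]))
```

In practice the banned list would hold a real dictionary plus the user's own name, initials, and dates, which is where a high bit count stops being reassuring.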
For more information on strong passwords, check the MedIRT information security webpage: http://med.stanford.edu/irt/security/protecting/set_passwds.html.

