
Creating a strong password

When setting a good password, we suggest replacing various letters with numbers and symbols, or making up an easily remembered phrase that can be used as the basis for a password. An example could be: I like to rollerblade during the summer months. Taking the first character of each word in that phrase gives "Iltrdtsm". So far we have met the 6-8 character requirement, but we need to do a little more to the password: add one more capital letter and mix in a numeral or two. Adding those last two parts gives a password that looks like Il2Rdt5m. If you remember the phrase you created, your password should be just as easy to remember. For stronger security, choose longer passwords with characters from all four classes.

Below are some more examples of setting a good, strong password.

Passwords must be at least six to eight (6-8) characters long.
Passwords must contain characters from at least three (3) of the following four (4) classes:

Description                                    Examples
-------------------------------------------------------------------
English upper case letters                     A, B, C, ... Z
English lower case letters                     a, b, c, ... z
Westernized Arabic numerals                    0, 1, 2, ... 9
Non-alphanumeric, such as punctuation symbols  ({}[],.<>;:'"?/|\`~!@#$%^&*()_-+=)

* A complex password that cannot be broken is useless if you cannot remember it. For security to function, you must choose a password that you can remember and that is still complex.

Password Do's and Don'ts

DO use a password with mixed-case letters.
DO NOT use a network login ID in any form (reversed, capitalized, or doubled) as a password.
DO use a password that contains alphanumeric characters and includes punctuation, where supported by the operating system.
DO NOT use your first, middle or last name or anyone else’s in any form. Do not use your initials or any nicknames you may have or anyone else’s.
DO use a password with mixed-case letters. Do not just capitalize the first letter, but add uppercase letters throughout the password.
DO NOT use a word contained in English or foreign dictionaries, spelling lists, or other word lists and abbreviations.
DO use a seemingly random selection of letters and numbers.
DO NOT use other information easily obtained about you. This includes pet names, license plate numbers, telephone numbers, identification numbers, the brand of your automobile, the name of the street you live on, any hobbies and so on. Such passwords are very easily guessed by someone who knows the user.
DO use a password that can be typed quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by looking at your keyboard (also known as "shoulder surfing").
DO NOT use a password of all numbers, or a password composed entirely of alphabet characters. Mix numbers and letters.
DO NOT use dates, e.g., September, SEPT1999, or any combination thereof.
DO change passwords regularly. The more critical an account to network integrity (such as root on a Unix host or Administrator on Windows NT), the more frequently the password should be changed. This change stops someone who has already compromised an account from continued access.
DO NOT use keyboard sequences, e.g., qwerty.
DO NOT use a sample password, no matter how good, that you’ve gotten from a book that discusses information and computer security.
DO NOT use any of the above things spelled backwards, or in caps, or otherwise disguised.
DO NOT write a password on sticky notes, desk blotters, calendars, or store it online where it can be accessed by others.
DO NOT use shared accounts. Accountability for group access is extremely difficult.
DO NOT reveal a password to anyone.
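
The character-class requirement and several of the DO NOT rules above can be checked mechanically. The following checker is an added example, not part of the original guidance. It assumes a minimum length of 6 (the lower bound of the page's 6-8 range), a constructed list of keyboard runs (the page names only qwerty), and a made-up login ID "jsmith" in the test calls.

```python
import string

# Non-alphanumeric class exactly as listed in the table above.
SYMBOLS = set("{}[],.<>;:'\"?/|\\`~!@#$%^&*()_-+=")
# Constructed sample list; the page itself names only "qwerty".
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456")
MIN_LENGTH = 6  # assumption: lower bound of the page's "6-8" requirement


def char_classes(password):
    """Return which of the page's four character classes appear."""
    found = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.digits:
            found.add("digit")
        elif ch in SYMBOLS:
            found.add("symbol")
    return found


def check_password(password, login_id):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    login = login_id.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(char_classes(password)) < 3:
        problems.append("fewer than 3 of 4 character classes")
    # Case-insensitive substring match covers the login ID as-is,
    # capitalized and doubled; the reversed form is tested separately.
    if login and (login in lowered or login[::-1] in lowered):
        problems.append("contains login ID")
    if any(run in lowered or run[::-1] in lowered for run in KEYBOARD_RUNS):
        problems.append("contains keyboard sequence")
    # "Do not just capitalize the first letter."
    letters = [c for c in password if c in string.ascii_letters]
    if letters and letters[0].isupper() and not any(c.isupper() for c in letters[1:]):
        problems.append("only first letter capitalized")
    return problems


if __name__ == "__main__":
    for candidate in ("Iltrdtsm", "Il2Rdt5m", "Jsmith1!", "Qwerty12!"):
        print(candidate, check_password(candidate, "jsmith"))
```

Rules that depend on knowledge about the user (names, pets, dates) or on a dictionary are outside what this checker covers.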