1. Consider using pass-phrases instead of passwords.  See notes below regarding pass-phrases.
2. Good passwords are passwords that are difficult to guess, consider passwords that contain letters, numbers and/or symbols.
3. Using mixed case password is an excellent method of creating a strong password (Not valid on Mainframe or M204)
4. Never share passwords. Do not give your password during training session or over the phone to support personnel.
5. Do not write down your passwords.
6. In general good passwords can consist of:

• Have both upper and lower case
• Have digit and/or symbols as well as letters
• Are easy to remember, so they are not written down
• Are at least six characters in length

6. If you have passwords on multiple accounts, it is very tempting to have the same password for all accounts. However if one of accounts is compromised, all accounts are compromised. A common approach is to add a suffix to the base password for each different account.

Computer users having trouble logging into their account due to invalid or expired password, should contact the Help Desk at x3350 or Computer Operations at x3536. In order to have your password reset you must present valid photo identification to Computer Operations, 105 E.O. Bull Center or the Help Desk, 22 Anderson Hall.

Pass-Phrases

One of the easiest to remember and hardest to crack password methods is the pseudo-random password. The actual password is generated from an easy to remember pass-phrase that is important to the user. This phrase can be the words from a book that you particularly like, words from a song that you always remember with ease, a statement that some powerful figure made that you will NEVER forget. This is the key. It is a phrase that is easy for you but no one else will ever think about attributing to you.

For example:

pass phrase: My Wife's Birthday Is april(4) Twenty Fifth Nineteen Sixty six(6)

password : mwbi4tfns6

pass phrase: "Four score and seven years ago our fathers brought…"

password : foscanse (arrived at by choosing the 1st 2 letters from each word until a total of eight characters resulted).

pass phrase: "It was a dark and stormy night".

password: iwadasn

It's easy for you to figure it out but it's a nightmare for a password cracker. The idea in this method is not that the password itself is easy to remember but that the process that you go through to arrive at it is so simple that you find yourself re-creating the same password with the process without even thinking about it.

When the time comes to change passwords, you have a number of options. You can change your pass phrase and re-process or you can keep the same phrase and change the order of the characters that you choose from it (take every second and fourth letter). It really doesn't matter -- what does matter is that you come up with very strong passwords that you can either remember or re-create on demand with little effort.