Appendix D: How to Choose a Good Password
Rationale
The object when choosing a password is to make it as difficult as
possible for a cracker to make educated guesses about what you've
chosen. This leaves him no alternative but a brute-force search,
trying every possible combination of letters, numbers, and
punctuation. A search of this sort, even conducted on a machine that
could try one million passwords per second (most machines can try fewer
than one hundred per second), would require, on the average, over one
hundred years to complete.
What Not to Use
- Don't use your manager name in any form (as-is, reversed,
capitalized, doubled, etc.).
- Don't use your first or last name in any form.
- Don't use your spouse's or child's name.
- Don't use other information easily obtained about you. This
includes license plate numbers, telephone numbers, social security
numbers, the brand of your automobile, the name of the street you
live on, etc.
- Don't use a password of all digits or all the same letter. This
significantly decreases the search time for a cracker.
- Don't use a word contained in a dictionary (English or otherwise).
What to Use
- a password with mixed-case alphabetics.
- a password with nonalphabetic characters, e.g., digits or
punctuation.
- a password that is easy to remember, so you don't have to write it
down.
- a password that you can type quickly, without having to look at
the keyboard. This makes it harder for someone to steal your
password by watching over your shoulder.
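The search-time arithmetic from the Rationale and the rules under "What Not to Use" and "What to Use", as an added Python example that is not part of this appendix or of Curry's report. It assumes an alphabet of 95 printable ASCII symbols (the page gives no figure); the login name, spouse's name and word list are constructed samples.

```python
# Added example: the appendix's brute-force arithmetic and its password rules.
# The personal details and word list used below are constructed samples.

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def average_search_years(length, alphabet_size, guesses_per_second):
    """Average time (half the key space) to brute-force a password, in years."""
    keyspace = alphabet_size ** length
    return keyspace / 2 / guesses_per_second / SECONDS_PER_YEAR

def name_forms(name):
    """The 'any form' variants the appendix lists: as-is, reversed, doubled
    (capitalization is covered by comparing case-insensitively)."""
    base = name.lower()
    return {base, base[::-1], base * 2, base[::-1] * 2}

def password_problems(password, personal_info, dictionary):
    """Return the 'What Not to Use' rules a password breaks ([] means none)."""
    problems = []
    pw = password.lower()
    for item in personal_info:
        if pw in name_forms(item):
            problems.append("personal information in some form: " + item)
    if pw.isdigit():
        problems.append("all digits")
    if len(set(pw)) == 1:
        problems.append("all the same letter")
    if pw in {word.lower() for word in dictionary}:
        problems.append("dictionary word")
    return problems

def missing_recommendations(password):
    """Return the 'What to Use' properties a password lacks ([] means none)."""
    missing = []
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        missing.append("mixed-case alphabetics")
    if all(c.isalpha() for c in password):
        missing.append("nonalphabetic characters")
    return missing

if __name__ == "__main__":
    # Assumed alphabet: 95 printable ASCII symbols, 8 characters, 1e6 guesses/s
    print("average search time: %.1f years" % average_search_years(8, 95, 1e6))
    info, words = ["jsmith", "Mary"], ["password", "secret", "xanadu"]  # constructed
    for pw in ["htimsj", "MaryMary", "1234", "Xanadu", "dog;rain", "IXdKKaspdd"]:
        print(pw, password_problems(pw, info, words), missing_recommendations(pw))
```

With those assumptions the average search time comes out at about 105 years, which matches the appendix's "over one hundred years".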
Method to Choose Secure and Easy to Remember Passwords
- Choose a line or two from a song or poem, and use the first letter
of each word. For example, ``In Xanadu did Kubla Khan a stately
pleasure dome decree'' becomes ``IXdKKaspdd.''
- Alternate between one consonant and one or two vowels, up to eight
characters. This provides nonsense words that are usually
pronounceable, and thus easily remembered. Examples include
``routboo,'' ``quadpop,'' and so on.
- Choose two short words and join them with a punctuation character
between them. For example: ``dog;rain,'' ``book+mug,'' ``kid?goat.''
References:
David A. Curry, Systems Programmer, Information and Telecommunications
Sciences and Technology Division. Improving the Security of Your UNIX
System. ITSTD-721-FR-90-21.
Document: /manual/hccmanD.html
Last Modified: Friday, 24-Jul-1998 11:37:37 CDT
Copyright © 1997, 1998 Infobahn Outfitters, Inc.