The Importance of Choosing a Good Password
Good passwords are extremely important to prevent unauthorized access to your accounts.
The goal when choosing a password is to make it as difficult as possible for a would-be intruder to make educated guesses about what you’ve chosen.
This leaves a criminal no alternative but a brute-force search, trying every possible combination of letters, numbers, and punctuation. Though intruders may have access to machines that can try thousands or millions of possible passwords per second, a more complicated password vastly decreases the chances an intruder will be able to guess yours.
Guidelines for Stronger Passwords
Password Don’ts
Do not use:
- your login name in any form (as-is, reversed, capitalized, doubled, etc.);
- your first or last name in any form;
- your spouse’s or child’s or pet’s name;
- other information easily obtained about you (this includes license plate numbers, telephone numbers, Social Security numbers, your vehicle brand, your street, etc.);
- a password of all digits, or all the same letter (this significantly decreases the search time for an intruder);
- a word contained in English or foreign language dictionaries; or
- a password shorter than 7 characters.
Password Do’s
Do use:
- mixed-case alphabetics (both lower- and upper-case letters);
- nonalphabetic characters, e.g., digits and/or punctuation (the strongest passwords have both);
- 7 characters or more;
- a password that is easy to remember, so you don’t have to write it down; and
- a password that you can type quickly, without having to look at the keyboard (this makes it harder for someone to steal your password by watching over your shoulder).
A Simple Technique for Making a Strong But Easy-to-Remember Password
Although this list may seem to restrict passwords to an extreme, there are several methods for choosing secure, easy-to-remember passwords that obey the above rules.
- Make up a unique sentence and use the first letter of each word in the sentence. Mix up the capitalization.
- Then throw in a digit and/or punctuation mark somewhere in the middle.
For example:
- A sentence unique to you might be: “My Volvo’s front muffler leaks too much”
- This gives you the password MVfml,tm
- Check your password against the other above guidelines, in case any are violated by accident.
For example:
- If the sentence had been “How older US educators sit”
- This gives you the password HoUSes
- However, that password would not be strong enough, because that word happens to appear in dictionaries, and so would be much easier for an intruder to guess. You would definitely need to throw in some digits and/or punctuation to make such a password stronger, or try a new sentence altogether.
Passwords at UVa
To protect your files, most UVa password systems only accept new passwords that conform to the following rules:
- Must be at least 6 characters long;
- Must not consist of all lowercase characters, all uppercase characters, all digits, or all punctuation characters;
- Must not be part of the local computer’s name;
- Must not match anything in your UNIX account information, such as your login name or an item from your “finger” data entry (full name, login shell, home directory);
- Must not be in the system’s spelling dictionary—unless it has some uppercase letters other than the first character (for example, "Explain" would be rejected but "exPlain" would be accepted); and
- Must not have more than 2 characters repeated in a row (thus a password like “ABCaaa” would be rejected).
For your security, these rules may be expanded over time to be more stringent.
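The acceptance rules listed above can be expressed as a short checker. This is an added example, not UVa's actual code: the function name, the constructed sample dictionary, and the matching choices marked as assumptions in the comments are illustrative.

```python
import re
import string

# Constructed stand-in for the system's spelling dictionary (assumption).
SAMPLE_DICTIONARY = {"explain", "houses", "password"}


def check_password(pw, account_items, hostname, dictionary=SAMPLE_DICTIONARY):
    """Return the rules from the list above that `pw` violates (empty list = accepted)."""
    problems = []

    if len(pw) < 6:
        problems.append("shorter than 6 characters")

    # All lowercase, all uppercase, all digits, or all punctuation.
    classes = (str.islower, str.isupper, str.isdigit,
               lambda c: c in string.punctuation)
    if pw and any(all(test(c) for c in pw) for test in classes):
        problems.append("uses a single character class")

    # Assumption: "part of the computer's name" is a case-insensitive substring match.
    if pw and pw.lower() in hostname.lower():
        problems.append("part of the computer's name")

    # Assumption: account items (login name, full name, login shell,
    # home directory) are compared whole and case-insensitively.
    if pw.lower() in {item.lower() for item in account_items}:
        problems.append("matches account information")

    # Dictionary words are rejected unless an uppercase letter
    # appears somewhere after the first character.
    if pw.lower() in dictionary and not any(c.isupper() for c in pw[1:]):
        problems.append("dictionary word")

    # More than 2 identical characters in a row.
    if re.search(r"(.)\1\1", pw):
        problems.append("more than 2 repeated characters in a row")

    return problems
```

With this sample dictionary, "HoUSes" is accepted because of the uppercase exception in the dictionary rule, even though the guidelines earlier on this page call it too weak.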