
Choosing a Good Password



Easy-to-guess passwords are a prime target for hackers trying to enter a system. The goal when choosing a password is to make it as difficult as possible for anyone to make an educated guess about what you have chosen. This leaves an attacker no alternative but a brute-force search, trying every possible combination of letters, numbers, and punctuation, which is not practical on most systems.

Never share your password with another user or make your password known to anyone else. Change your password often; we suggest that you change your password every three months. NCSA does require password changes on a yearly basis.

Examples of passwords that can easily be broken are:

  • passwords that are made up of a word or name in English or any other language
  • words in which letters or numbers are swapped for similar-looking ones (e.g., zeros for o's)
  • words with a number added to the beginning or end
  • your login name in any form (as-is, reversed, capitalized, doubled, etc.)
  • your spouse's or child's name
  • any other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the brand of your automobile, the name of the street you live on, etc.
  • a password of all digits, or all the same letter. This significantly decreases the search time for password cracking software.

Good passwords should be at least 8 characters long and consist of both lower and upper case letters, numbers, and symbols. A good way to select a password is to choose a line or two from a song or poem and use the first letter of each word. A better option, which makes a password more difficult to crack, is to use a passphrase. An example of this is "First come first served", a nice 22 character password that is easy to remember. To make it a bit more difficult, you can add in other characters or take out spaces: "Firstcome1stserved" (now don't use this password :).
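
The weak-password patterns listed above and the length and character-class advice can be turned into an automated check applied when a password is set. The following is an added example, not NCSA's own code; the function name, the tiny constructed word list and the look-alike substitution table are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "monkey", "illinois", "football"}
# Look-alike characters undone before the dictionary lookup (assumed table).
LOOKALIKES = str.maketrans("01345$7@", "oieassta")
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def weaknesses(password, login, words=SAMPLE_WORDS):
    """Return the reasons a candidate password matches a weak pattern."""
    found = []
    lower = password.lower()
    if len(password) < 8:
        found.append("shorter than 8 characters")
    if password.isdigit():
        found.append("all digits")
    if len(set(lower)) == 1:
        found.append("all the same character")
    if not all(re.search(c, password) for c in CHAR_CLASSES):
        found.append("missing a character class")
    # Login name as-is, capitalized (case is folded), reversed or doubled.
    name = login.lower()
    if name and lower in {name, name[::-1], name * 2}:
        found.append("derived from login name")
    # Strip digits added to either end, then undo look-alike substitutions.
    core = re.sub(r"^\d+|\d+$", "", lower)
    candidates = {core, core.translate(LOOKALIKES), lower.translate(LOOKALIKES)}
    if candidates & set(words):
        found.append("dictionary word in disguise")
    return found


if __name__ == "__main__":
    # Constructed sample inputs; "jsmith" is a hypothetical login name.
    for candidate in ("P4ssw0rd", "dragon99", "htimsj", "11111111", "Fcf$,tG2b!"):
        print(candidate, "->", weaknesses(candidate, "jsmith") or "no listed weakness")
```

An empty result only means none of the listed patterns matched; it says nothing about personal information such as family names or license plates, which the check cannot know.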