It is very important that users change the password for their Brunel CS user
account frequently, and that they change it to something that cannot be
guessed by someone else. This is because the password is the way the computer
verifies that someone logging in with your user ID is really you.
If someone else obtains your password, they can use your account to look at
your private files and electronic mail; alter or delete your files; and perform
illegal activities in your name. In such cases it is unlikely that the identity
of the culprit will be discovered and indeed it may be difficult to prove that
it was someone else.
The following guidelines will help protect you against someone finding out your
password and using your account illegally:
1. Make your password as long as possible. The longer it is, the more
difficult it will be to attack the password with a brute-force search.
It must be 7 or 8 characters in length.
2. Use as many different characters as possible when forming your password.
Use numbers, punctuation characters and, if possible, mixed upper and
lower-case letters. Choosing characters from the largest possible
alphabet will make your password more secure.
However, do not use any of: @ # [ ]
3. Do not use personal information in your password that someone else is
likely to be able to guess. Obviously, things like your name, telephone
number, address, national insurance number or car registration should be
avoided. Also, names of relations, partners, acquaintances and so on
should not be used.
4. Do not use single words, geographical names, or biographical names that
are listed in standard dictionaries.
5. Never use a password that is the same as your (or a friend's) account name.
6. Do not use passwords that are easy to spot while you're typing them in.
Passwords like 12345, qwerty (i.e. all keys adjacent to each other), or
nnnnnnn should be avoided.
7. Change your password regularly, say every 30 days. You should never go
longer than about 90 days before changing your password. Do not reuse
passwords that you have used before.
If you are having difficulty picking a good password, one good method is to use
the first letter of each word in a phrase you can easily remember. For example,
"Linux, the cure for a Microsoft headache." would be ltcfamh. Another method is
to use two short unrelated words joined by a digit or punctuation character.
Examples include: nest)rum, let8glow. But don't use any of these examples!
Here are some guidelines about what secure passwords should not include [1]:
Your name
Your spouse's name
Your parent's name
Your pet's name
Your child's name
Names of close friends or coworkers
Names of your favorite fantasy characters
Your boss's name
Anybody's name
The name of the operating system you're using
The hostname of your computer
Your phone number
Your license plate number
Any part of your social security number
Anybody's birth date
Other information that is easily obtained about you
Words such as wizard, guru, gandalf, and so on.
Any username on the computer in any form (as is, capitalized, etc.)
A word in the English dictionary
A word in a foreign dictionary
A place
A proper noun
Passwords of all the same letter
Simple patterns on the keyboard, like qwerty
Any of the above spelled backwards
Any of the above followed or prepended by a single digit
Good passwords [2]:
Have both upper and lower case letters
Have digits and/or punctuation characters as well as letters
Are easy to remember, so they do not have to be written down
Are seven or eight characters long
Can be typed quickly, so someone else cannot look over your shoulder
[1] Simson Garfinkel and Gene Spafford, Practical UNIX Security
(Sebastopol, CA: O'Reilly & Associates, Inc., 1991), pp. 33-34.
[2] Ibid., p. 35.
TY April 1999