Choosing a Good Password: Strengthen Your First Line of Defense

Related Tip Sheet: Keeping Your Password Secure

You use passwords to access your services through the University and NSIT, your online credit card and bank accounts, eCommerce sites like Amazon, and popular social networking sites like Facebook and MySpace. A stolen password can wreak havoc. It is important to choose good passwords and make sure no one gets access to your private information. Here are some tips on how to create a secure password.

Avoid using dictionary words

Dictionary words are any common words, names, dates, or numbers. Don't assume that this is limited to English dictionaries: if you can find it in the dictionary of any language (even fictional ones, such as Klingon), don't use it! One standard method for cracking passwords is a brute force attack, in which the attacker tries possible passwords over and over again. Attackers try words in all sorts of languages, using dictionaries of common passwords.

Avoid using names in any form

This includes your name, your pet's name, your nickname, your boss's name, your mother's name, or anyone else's name. Avoid using words or names, regardless of the language.

Don't use common misspellings of dictionary words

Many of the dictionaries include both common misspellings and words with letters replaced by similar-looking numbers. You should also avoid simply adding a numeral to the beginning or end of a word.

Don't use the name of the computer or your account

Since these can be found out, this kind of password can be very easy to guess.

Don't use sample passwords

Obviously, if the password appears in a document such as this for the whole world to see, don't use it.

A password should be between 8 and 16 characters

The longer your password is, the harder it is to crack.

Avoid passwords composed of all numbers or all letters

Use a mixture of upper and lower case letters, numbers, and punctuation such as !, @, #, etc. However, avoid using characters that don't appear on a standard US 101-key keyboard, as they may not work correctly in all circumstances.

Use letters from a phrase or song lyric

Think up a phrase. For example, "Marx's Communist Manifesto has 8196 words in it!". Once you've decided on the phrase, choose the first (or last, or the second, or whatever) letter from each word. You'll notice that in this example we've decided to include all the punctuation to improve the quality of the password. So, your password would be M'sCMh8196wii!. It is a nice, long password with a good mixture of character classes.

Combine a few pronounceable "nonsense" words with punctuation

For example, nuit+Pog=tWi. Pronounceable nonsense words are easier to remember than random characters.

Make sure you have different passwords for different sites

You can use different iterations of the same basic password. For example, the password above, M'sCMh8196wii! could become m'sCMH8196wii! or M'sCMh8197wii! The password protecting your most sensitive information should always be different from other passwords.
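
The checks from the tips above (dictionary words and names, look-alike misspellings, added numerals, account and computer names, sample passwords, length, and character mix) can be applied automatically when a password is set. The following Python is an added example, not NSIT's own tool; the word list, the look-alike table, and the reading of "a mixture" as at least three of four character classes are assumptions.

```python
import re

# Constructed sample list; a real check would load large multi-language
# dictionaries, name lists and lists of common passwords.
WORDLIST = {"password", "dragon", "monkey", "chicago", "qapla", "rex"}
# Sample passwords printed in this tip sheet, which it says not to reuse.
PUBLISHED_SAMPLES = {"M'sCMh8196wii!", "nuit+Pog=tWi"}
# Look-alike substitutions (assumed set) that cracking dictionaries cover.
LOOKALIKES = str.maketrans("013457@$!", "oleastasi")
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def variants(candidate):
    """Forms to look up: look-alikes undone, with and without edge digits/punctuation."""
    lowered = candidate.lower()
    trimmed = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    return {lowered.translate(LOOKALIKES), trimmed.translate(LOOKALIKES)}


def check_password(candidate, account="", computer=""):
    """Return the tip-sheet rules the candidate breaks; an empty list means none."""
    problems = []
    if not 8 <= len(candidate) <= 16:
        problems.append("length: use between 8 and 16 characters")
    # Assumption: "a mixture" is read as at least 3 of the 4 character classes.
    if sum(bool(re.search(c, candidate)) for c in CLASSES) < 3:
        problems.append("mixture: combine upper case, lower case, numbers, punctuation")
    if not all(32 <= ord(ch) <= 126 for ch in candidate):
        problems.append("keyboard: use only characters on a standard US keyboard")
    # Account and computer names are treated like dictionary words.
    banned = WORDLIST | ({account.lower(), computer.lower()} - {""})
    if variants(candidate) & banned:
        problems.append("dictionary: word, name, account or computer name, or a variant")
    if candidate in PUBLISHED_SAMPLES:
        problems.append("sample: appears in published guidance")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "jsmith2009!", "12345678", "M'sCMh8196wii!"):
        print(pw, "->", check_password(pw, account="jsmith") or "no rule broken")
```
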

To learn more about choosing good passwords and to test the security of your passwords, visit our Password Security page. To change your CNet password, visit http://cnet.uchicago.edu.

To learn about other tips for safe computing, visit NSIT's Safe Computing site.


For additional assistance, please email support@uchicago.edu or call 4-TECH.


Last updated: 9/3/09