Choosing Good Passwords
The object when choosing a password is to make it as difficult as
possible for a would-be intruder to make educated guesses about what
you've chosen. Some guidelines:
Don't:
- use your login name in any form (as-is,
reversed, capitalized, doubled, etc.).
- use your first name, last name, or maiden name in
any form.
- use your spouse's or child's name.
- use your pet's name.
- use other information easily obtained about
you. This includes license plate numbers, telephone numbers,
social security numbers, the brand of your automobile, the name
of the street you live on, etc.
- use a password of all digits, or all the same
letter. This significantly decreases the search time for an
intruder.
- use a word contained in (English or foreign
language) dictionaries, spelling lists, or other lists of words.
- use a password shorter than six characters (the UVA-Wise
systems described below require at least eight).
- write your password down.
Do:
- use a password with mixed-case alphabetic characters.
- use a password with non-alphabetic
characters, e.g., digits or punctuation.
- use a password that is easy to remember, so
you don't have to write it down.
- use a password that you can type quickly,
without having to look at the keyboard. This makes it harder for
someone to steal your password by watching over your shoulder.
Although this list may seem to restrict passwords
to an extreme, there are several methods for choosing secure,
easy-to-remember passwords that obey the above rules.
Make up a unique sentence and use the first letter
of each word in the sentence. Then throw in a digit or punctuation
mark somewhere in the middle. A secure login password can be
defined as one that does not fit into any would-be intruder's
"universe" of intelligible words, or permutations thereof. In other
words, an ideally secure password should appear as noise: totally
random characters, devoid of any information. Therefore, you should
not incorporate into a password any information that is known to
others, because this information makes life just that much easier
for an intruder. Names of people, streets, dictionary words, and news
events are all known by others and can be guessed. For example, a
sentence unique to a particular individual might be:
My Volvo's front muffler leaks too much
which yields the password "MVfml,tm". Such a
password should then be examined in the light of the above
guidelines in case any are violated by accident. For example, if the
sentence had been:
How older US educators sit
the resulting password "HoUSe.s" spells out the dictionary word
"house", which is enough information to make life easier for an
intruder.
To protect your files, most UVA-Wise password
systems only accept new passwords that conform to the following
rules:
- Must be at least 8 characters long.
- Must not consist of all lowercase characters, all
uppercase characters, all digits, or all punctuation characters.
- Must contain non-alphabetic characters, e.g.,
digits or punctuation.
- Must not be part of the local computer's
name.
- Must not match anything in your UNIX account
information, such as your login name or an item from your
"finger" data entry (full name, login shell, home directory).
- Must not be in the system's spelling
dictionary - unless it has some uppercase letters other than the
first character. For example, "Explain" would be rejected but "exPlain"
would be accepted.
- Must not have the same character repeated more than
twice in a row; thus "ABCaaa" would be rejected.
These rules will probably be expanded to be more
stringent in the future.
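The following Python script is an added example, not UVA-Wise's own
password checker. It builds a password from a sentence by the
first-letter method described above and then tests candidates against
the rules just listed. The dictionary, hostname and account record it
uses are made-up stand-ins for the system's real spelling dictionary,
hostname and finger data; the function names (acronym_password,
check_password, embedded_words) are the author's choices, not part of
any UVA-Wise system. The embedded_words check goes one step beyond the
system rules: it reports dictionary words hidden inside a candidate
(as "house" hides inside "HoUSe.s"), which the rules above do not
catch but the guidelines warn against.

```python
import string

# Constructed stand-ins for the system's spelling dictionary, the local
# hostname, and one account's passwd/finger data (not real UVA-Wise data).
DICTIONARY = {"explain", "house", "password", "volvo", "muffler", "educators"}
HOSTNAME = "wisenet.uvawise.edu"
ACCOUNT = {"login": "jdoe", "full_name": "Jane Doe",
           "shell": "/bin/tcsh", "home": "/home/jdoe"}


def acronym_password(sentence, insert=None, at=None):
    """First letter of each word, case kept, with an optional digit or
    punctuation mark spliced in (by default near the middle)."""
    letters = "".join(word[0] for word in sentence.split())
    if insert is not None:
        at = len(letters) // 2 if at is None else at
        letters = letters[:at] + insert + letters[at:]
    return letters


def account_tokens(account):
    """Strings a password must not match: login, each part of the full
    name, shell and home directory, plus their reversed and doubled forms."""
    base = [account["login"], account["shell"], account["home"]]
    base += account["full_name"].split()
    base = [t.lower() for t in base]
    return set(base) | {t[::-1] for t in base} | {t * 2 for t in base}


def has_long_run(pw, max_run=2):
    """True if any character repeats more than max_run times in a row."""
    run = 1
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if cur == prev else 1
        if run > max_run:
            return True
    return False


def is_dictionary_word(pw, dictionary=DICTIONARY):
    """A dictionary word is rejected unless it has an uppercase letter
    somewhere after the first character ("Explain" out, "exPlain" in)."""
    return pw.lower() in dictionary and not any(c.isupper() for c in pw[1:])


def check_password(pw, account=ACCOUNT, hostname=HOSTNAME,
                   dictionary=DICTIONARY):
    """Return the list of rules the candidate violates (empty = accepted)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    single_class = ((pw.isalpha() and (pw.islower() or pw.isupper()))
                    or pw.isdigit()
                    or (pw != "" and all(c in string.punctuation for c in pw)))
    if single_class:
        problems.append("all lowercase, all uppercase, all digits, or all punctuation")
    if all(c.isalpha() for c in pw):
        problems.append("no non-alphabetic characters")
    if pw and pw.lower() in hostname.lower():
        problems.append("part of the local computer's name")
    if pw.lower() in account_tokens(account):
        problems.append("matches account information")
    if is_dictionary_word(pw, dictionary):
        problems.append("in the spelling dictionary")
    if has_long_run(pw):
        problems.append("more than 2 identical characters in a row")
    return problems


def embedded_words(pw, dictionary=DICTIONARY, min_len=4):
    """Guideline check beyond the system rules: dictionary words of at
    least min_len letters hidden inside the password, ignoring case."""
    return sorted(w for w in dictionary if len(w) >= min_len and w in pw.lower())


if __name__ == "__main__":
    good = acronym_password("My Volvo's front muffler leaks too much", ",", 5)
    for candidate in (good, "HoUSe.s", "Explain", "exPlain", "ABCaaa", "jdoe"):
        print(candidate, check_password(candidate) or "accepted",
              embedded_words(candidate))
```

Run as a script, it reports "MVfml,tm" as accepted with no embedded
words, and lists the rule each of the other candidates breaks. Note
that "HoUSe.s" passes every system rule except the length rule; only
the embedded_words check flags the word "house" inside it, which is
why the guidelines above ask you to examine a password by hand even
when the system accepts it.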