Internet Storm Center Infocon Status

Search ISU Security

RSSSubscribe to the RSS Feed
ISU Information Security

Creating a Stronger Password

Thursday, July 30, 2009 14:51

Here are some tips on creating a stronger password:

  • Create a pass with twelve(12) characters or more. The longer the password the more secure it will be. Think of phrases that you can string together, rather than single or double words. thequickbrowndogjumpedoverthelazyfox is much more secure than mypassword. ISU’s system allows for passwords up to 64 characters in length.
  • Most sites now allow for a full range of characters in passwords, letters (upper and lower case), numbers, and symbols. Use these extra characters mix them into your pass-phrase, use them to substitute for certain letters. If you’re unsure which characters can be used in a site’s login check the site’s FAQ or with their help facilities. So, our long pass-phrase becomes: Th30uick8r()wndo9Jum3d-overth3L4$7FoX
  • Try to have a variety of pass-phrases for a variety of different logins. Do not use the same pass for your Facebook account that you use to access ISU services.
  • Change your pass-phrases often, twice a year at least.
  • Never give out a pass.
  • Never use important dates (like birthdays or anniversaries) for your password.
  • Never use proper names, especially those of people closely associated with you.
  • Never use a single dictionary word, in any language.
  • Never keep your password in an unsecured format. A post-it in your desk drawer is NOT secure. If you need to store passes, use an ecrypted storage format. There are several software packages available for this.

If your ISU pass is compromised, change it immediately (if you can) and contact the [cref 44 helpdesk].

NOTE: Since the password examples given here are published and visible to the world, they should NOT be used in creating a password.

Helpful Links

Change CWIS password
Password Size Does Matter