Choosing a Good Password

Bad choices for passwords:

  1. Any word in any dictionary, or any prefix, suffix, etc. of such a word. Also, any concatenation of two or more such words.

  2. Any personal information. For example: social security number, names of relatives, friends, significant others. Names of pets. Make, model, license plate number of a vehicle. You get the idea.

  3. Any password that someone has suggested to you or that you've seen written down.

  4. Any sequence of adjacent keys on the keyboard. For example, "Qwerty".

A good password will:

  1. Contain a mix of upper-case and lower-case letters.

  2. Contain punctuation characters and/or numerals.

  3. Be as long as possible, at least eight characters.

  4. Be easy to remember. Mnemonics assist greatly in this process.

Mnemonic passwords are often the best. For instance, take the first letters and punctuation of the phrase, "Hail the Gophers, they're my heroes!" You end up with the password "HtG,tmh!". That's a good password that's also easy to remember. Don't use this one or you'll be violating rule three of the bad password choices from above!

Another idea is to concatenate two short, misspelled words with some other characters. For instance, the Big Ten conference becomes the password "Byg;Tyn!". Again, don't use this password.

Why is having a good password important? Firstly, it protects you. If someone breaks into your account and commits a crime, you could have a very difficult time proving to the authorities that it wasn't you who committed the crime. Secondly, it protects the system. A large majority of Unix systems can be compromised once a hacker has gotten an account on the system. The easiest way to get an illicit account is to exploit a weak password. Passwords are the first line of defense against hackers. Unfortunately on many Unix systems, they're also the last line of defense.



Thomas P. Kelliher
Last updated August 4, 2003.