Selecting passwords

These guidelines cover the selection of good passwords and best practices in handling them.
DO
- Use a password with mixed-case letters. Do not just capitalize the first letter; add uppercase letters elsewhere in the password.
- Use a password that contains alphanumeric characters and includes punctuation, where supported by the operating system.
- Use a password that can be typed quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by looking at your keyboard (also known as "shoulder surfing").
- Change passwords regularly. The more critical an account is to network integrity (such as root on a Unix host or Administrator on Windows NT), the more frequently the password should be changed. Changing the password stops someone who has already compromised an account from continuing to access it.
DO NOT
- Use a network login ID in any form (reversed, capitalized, doubled) as a password.
- Use your first, middle or last name in any form. Do not use your initials or any nicknames you may have.
- Use a word contained in English or foreign dictionaries, spelling lists, or other word lists.
- Use other information easily obtained about you. This includes pet names, license plate numbers, telephone numbers, identification numbers, the brand of your automobile, the name of the street you live on, and so on. Such passwords are very easily guessed by someone who knows the user.
- Use a password of all numbers, or a password composed only of alphabetic characters. Mix numbers and letters.
- Write a password on sticky notes, desk blotters, or calendars, or store it online where it can be accessed by others.
- Reveal a password to anyone.
- Use shared accounts. Accountability for group access is extremely difficult.
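
Several of the DO and DO NOT rules above can be checked mechanically when a password is set. The following is an added example, not part of the original guidelines: a Python function that reports which rules a candidate password breaks. The function name, the messages and the sample values are assumptions made for illustration; only the exact, reversed and doubled forms of the login ID and names are checked, and the word list is whatever the caller supplies.

```python
import string

def _forms(token):
    """Forms the guidelines rule out: as-is, reversed, doubled (case ignored)."""
    t = token.lower()
    return {t, t[::-1], t + t}

def check_password(password, login_id, names=(), wordlist=()):
    """Return the guideline rules a password breaks (empty list: none found)."""
    problems = []
    lowered = password.lower()
    # DO: mixed case, with an uppercase letter beyond the first character.
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password[1:]):
        problems.append("no uppercase letter beyond the first character")
    # DO: include punctuation. DO NOT: all numbers, or letters only.
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    if password.isdigit():
        problems.append("all numbers")
    if password.isalpha():
        problems.append("letters only")
    # DO NOT: login ID in any form (reversed, capitalized, doubled).
    if lowered in _forms(login_id):
        problems.append("derived from login ID")
    # DO NOT: first, middle or last name, initials or nicknames.
    if any(n and lowered in _forms(n) for n in names):
        problems.append("derived from a personal name")
    # DO NOT: a word found in a dictionary or other word list.
    if lowered in {w.lower() for w in wordlist}:
        problems.append("dictionary word")
    return problems

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    words = ["password", "dragon", "sunshine"]
    for candidate in ["htimsj", "Dragon", "12345678", "pl4Nt!kettLe"]:
        print(candidate, check_password(candidate, "jsmith", ["John", "Smith"], words))
```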