Password Selection Hints

 Don't use your login name in any form (reversed, capitalised, doubled, ...)

 Don't use your first, middle or last name in any form

 Don't use your spouse's or child's name

 Don't use other information easily obtained about you. This includes
 licence plate numbers, telephone numbers, social security numbers, the
 make of your automobile, the name of the street you live on, ...

 Don't use a password of all digits or of all the same letter

 Don't use a word contained in the English or any foreign language
 dictionaries, spelling lists, or other lists of words

 Don't use a password shorter than 6 characters, but keep in mind that
 only the first eight characters are recognised

 Don't use a password that is related to anything at your workplace or
 your computing environment, such as project names or machine names


 Do use a password with mixed-case alphabetics

 Do use a password with non-alphabetic characters (digits of
 punctuation)

 Do use a password that is easy to remember, so you don't have to write
 it down

 Do use a password that is easy to type, so you don't have to look at
 the keyboard


 Methods of choosing a password to adhere to the above guidelines:

  Choose a line or two from a song, poem, or sentence you can easily
  remember and use the first letter of each word

  Alternate between one consonant and one or two vowels, up to seven or
  eight characters. This provides nonsense words which are usually
  pronouncable, and thus easily remembered

  Choose two short words and concatenate them with a punctuation
  character between them


 Password aging: passwords should be changed frequently
 You may wish to include the number of the month in your password

 Different passwords on different machines: to compromising your
 accounts on different machines when your password was cracked on one
 machine, use different passwords on different machines.
 You may wish to include the first letter(s) of the machine name(s)
 to form different passwords.
 Note: the above may not be possible is the same password is enforced by
 YP or NIS. Also, using .rhost access may compromise security.