Password Selection Hints Don't use your login name in any form (reversed, capitalised, doubled, ...) Don't use your first, middle or last name in any form Don't use your spouse's or child's name Don't use other information easily obtained about you. This includes licence plate numbers, telephone numbers, social security numbers, the make of your automobile, the name of the street you live on, ... Don't use a password of all digits or of all the same letter Don't use a word contained in the English or any foreign language dictionaries, spelling lists, or other lists of words Don't use a password shorter than 6 characters, but keep in mind that only the first eight characters are recognised Don't use a password that is related to anything at your workplace or your computing environment, such as project names or machine names Do use a password with mixed-case alphabetics Do use a password with non-alphabetic characters (digits of punctuation) Do use a password that is easy to remember, so you don't have to write it down Do use a password that is easy to type, so you don't have to look at the keyboard Methods of choosing a password to adhere to the above guidelines: Choose a line or two from a song, poem, or sentence you can easily remember and use the first letter of each word Alternate between one consonant and one or two vowels, up to seven or eight characters. This provides nonsense words which are usually pronouncable, and thus easily remembered Choose two short words and concatenate them with a punctuation character between them Password aging: passwords should be changed frequently You may wish to include the number of the month in your password Different passwords on different machines: to compromising your accounts on different machines when your password was cracked on one machine, use different passwords on different machines. You may wish to include the first letter(s) of the machine name(s) to form different passwords. Note: the above may not be possible is the same password is enforced by YP or NIS. Also, using .rhost access may compromise security.