Computer security is only as strong as the weakest link. From experience within the computer industry, a significant number of computer breakins (perhaps the majority) can be traced back to a poorly-chosen password. In most of the cases, passwords are the first weakness tried by an attacker.
The password is the most vital part of account security. If an attacker can discover a user's password, he or she can then log in to the system and operate with all the capabilities of that user. Such an attack is usually hard to detect and can last for months.
A good password is:
- Private: it is used and known by one person only
- Secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal
- Easily remembered: so there is no need to write it down and not guessable by any password cracking program in a reasonable time, for instance less than one week.
Examples of passwords that can easily be broken are:
- Passwords that are made up of a word or name in English or any other language
- Transferring letters or numbers for similar ones (e.g., zeros for o's)
- Words with a number added to the beginning or end
- Your login name in any form (as-is, reversed, capitalized, doubled, etc.)
- Your spouse's or child's name
- Any other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the brand of your automobile, the name of the street you live on, etc.
- A password of all digits, or all the same letter. This significantly decreases the search time for password cracking software.
- Don't use a password shorter than six characters.
Although this seems quite restrictive, it's easy to pick good passwords
What to Use
- Novell allows for passwords that are cAse senSitive and can be up to 256 characters. Do use a password or passphrase (eg. my1cOmputeriswhite) with alphabetic and numeric characters.
- Do use a password with nonalphabetic characters, e.g., digits or punctuation.
- Do use a password that is easy to remember, so you don't have to write it down.
- Do use a password that you can type quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by watching over your shoulder.
Method to Choose Secure and Easy to Remember Passwords or Pass Phrases
- Choose a line or two from a song or poem, and use the first letter of each word. For example, ``In Xanadu did Kubla Kahn a stately pleasure dome decree'' becomes ``IXdKKaspdd.''
- Alternate between one consonant and one or two vowels, up to eight characters. This provides nonsense words that are usually pronounceable, and thus easily remembered. Examples include ``routboo,'' ``quadpop,'' and so on.
- Choose two short words and concatenate them together with a punctuation character between them. For example: ``dog;rain,'' ``book+mug,'' ``kid?goat.''
- Utilize the first letters of a phrase, a phrase itself. For example, "I hate passwords but they are necessary!" = ihpbtan!
Excerpts from
IMPROVING THE SECURITY OF YOUR UNIX SYSTEM David A. Curry, Systems Programmer Information and Telecommunications Sciences and Technology Division ITSTD-721-FR-90-21 http://www.alw.nih.gov/unix-security.html
CERN Security Handbook Practical computer security for CERN users Version 1.2 12 December 1996 http://consult.cern.ch/writeup/security/security_toc.html
Paso Robles Public Schools
800 Niblick Rd.
Paso Robles, CA 93446
805.238.2222 FAX: 805-237-3339
Copyright 2006, Paso Robles Public Schools
Last modified 6/20/06