Western Kentucky University

Secure Passwords

Password Do's and Don'ts

Do:

  • Do memorize your password
  • Do use passwords that would be difficult for others to guess
  • Do use passwords with a mix of letters, numbers and symbols (#@$&*)
  • Do use a password that you can remember, so that you don't have to write it down
  • Do change your passwords every 3 to 6 months or immediately if compromised

Don't:

  • Don't write your password down where someone could find it
  • Don't use passwords with fewer than six characters
  • Don't use any part of your logon name for your password
  • Don't share your password with anyone
  • Don't use names, addresses, or significant dates such as your birthday
  • Don't use words that can be found in any dictionary
  • Don't use the same password for all of your accounts. If someone discovers one of your passwords, you do not want them to have access to all of your accounts.

Create A Strong Password

One way to create a good, strong password is to use part of a phrase that is easy for you to remember. The phrase can be a set of words taken from a book, a song, a quotation, a statement, or anything else you will always remember easily. It should be easy for you to recall, but it should not be something anyone else would associate with you. Below are two examples of how to turn such a phrase into a strong password.

Example:
Phrase: "Four score and seven years ago, our fathers..."
Password: "Fs&7yAoF"

The result: Derived by taking the first letter of each word, mixing upper and lower case, and substituting a symbol for "and" (&) and a digit for "seven" (7) where the phrase allows it.

Combination passwords:
An easy-to-remember password based on a combination of two unrelated words, with some letters replaced by numbers and symbols.

Example:
Words: "cash cow"
Password: "ca$hc0uu"

The result: Derived by joining the two words and changing "s" to "$" (dollar sign), "o" to "0" (zero), and "w" to "uu" (a double u).

Why does this matter?

A common way to gain access to a network is to find a user's password, often by simple guessing. Attackers routinely set up automated programs to guess passwords on systems they find reachable from the internet. These attacks are called dictionary attacks and can be very effective. Here are some of the most common passwords we've observed attackers trying on our network:

  • 123456
  • password
  • 123
  • 1234
  • root
  • test
  • qwerty
  • 12345
  • 1q2w3e
  • 123456789
  • test123
  • admin
  • abc123
  • changeme
  • passwd

If your password is one of these, or looks similar to them, change it immediately.
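A checker that applies the page's Don'ts and the list above to a candidate password. This is an added example, not a WKU tool; the login name "jsmith", the test candidates and the short stand-in dictionary are constructed for the demo. It goes one step beyond the page's wording: before matching against the dictionary it reverses the common letter-for-symbol swaps ($ for s, 0 for o, and so on), because password-cracking tools apply those same swaps automatically, so a substituted dictionary word such as "ca$hc0w" is no safer than "cashcow".

```python
"""Check a candidate password against the rules on this page and against the
passwords attackers are seen trying.  Added example, not a WKU tool; the
login names and the small stand-in dictionary are constructed for the demo."""

# The passwords listed above as commonly attempted by attackers.
COMMON_PASSWORDS = {
    "123456", "password", "123", "1234", "root", "test", "qwerty", "12345",
    "1q2w3e", "123456789", "test123", "admin", "abc123", "changeme", "passwd",
}

# Constructed stand-in for a real dictionary or cracking wordlist.
DICTIONARY = {
    "cash", "cow", "cashcow", "kentucky", "hilltopper", "summer",
    "welcome", "football", "password",
}

# Symbol-for-letter swaps that cracking rule sets routinely undo before a
# wordlist match ("1" is ambiguous; a real checker would try both "l" and "i").
DELEET = str.maketrans({"$": "s", "5": "s", "0": "o", "1": "l", "3": "e",
                        "4": "a", "@": "a", "7": "t"})

MIN_LENGTH = 6       # the page's minimum
LOGIN_FRAGMENT = 3   # assumption: a 3+ character slice of the login counts as "part of" it


def normalize(password: str) -> str:
    """Lower-case the password and reverse the common substitutions."""
    return password.lower().translate(DELEET)


def contains_dictionary_word(password: str, dictionary=DICTIONARY, min_len=4) -> bool:
    """True if the normalised password contains a dictionary word of min_len+ letters."""
    norm = normalize(password)
    return any(len(word) >= min_len and word in norm for word in dictionary)


def login_fragments(login_name: str, size: int = LOGIN_FRAGMENT) -> set:
    """All substrings of the login name that are at least `size` characters long."""
    login = login_name.lower()
    return {login[i:j] for i in range(len(login)) for j in range(i + size, len(login) + 1)}


def check_password(password: str, login_name: str, dictionary=DICTIONARY) -> list:
    """Return the rules the password violates; an empty list means it passes."""
    problems = []
    lower = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("fewer than six characters")
    if any(fragment in lower for fragment in login_fragments(login_name)):
        problems.append("contains part of the logon name")
    if lower in COMMON_PASSWORDS:
        problems.append("on the list of commonly attempted passwords")
    if contains_dictionary_word(password, dictionary):
        problems.append("contains a dictionary word (after undoing symbol substitutions)")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    if not (has_letter and has_digit and has_symbol):
        problems.append("missing a mix of letters, numbers and symbols")
    return problems


if __name__ == "__main__":
    # Constructed candidates: the page's two examples, three from the list
    # above, and a password built from the login name and a year.
    for candidate in ["Fs&7yAoF", "ca$hc0uu", "password", "123456", "changeme", "Smith2013!"]:
        print(f"{candidate:12} -> {check_password(candidate, 'jsmith') or 'ok'}")
```

Run against the page's own examples, the acronym "Fs&7yAoF" passes every check, while the combination "ca$hc0uu" is flagged for the dictionary word "cash" that the substitutions only partly hide. The checker cannot, however, tell whether an acronym comes from a famous quotation that a wordlist might already contain, which is why the page says the phrase should be one nobody would associate with you.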


Last Modified 12/3/13