Systems and Operations Department
Considerations When Choosing a Password
How to Choose a Strong Password
Choosing a strong password is often difficult for users. Below are some tips for choosing one:
- Your password must be at least 6 characters long. This is long enough to deter attackers who try every combination, an approach called a brute-force attack. Currently, the maximum password length on most Unix/Linux systems is eight characters. If you enter more, the characters after the eighth are ignored (for example, the password “abN0rmaLbrAin” is accepted as “abN0rmaL”).
- A strong password should usually consist of mixed upper- and lower-case letters, numbers and punctuation marks, and be at least 6 characters long. Unfortunately, some users write down hard-to-remember passwords, and as a result the password is easily learned by other people. To avoid this, do not write your password anywhere.
- “License plate” rule: When you want to turn a license plate number or any sentence into a password, limit it to eight characters. For example, the sentence “I am making short sentences now” can be converted into a password like “IMShort2S”.
- You can separate a word with punctuation marks (for example, “vega%tarian”). You can also take the first, second or last character of each word in a sentence to create a new word and use it as a password. For example, you can form the word “ycagwyw” by taking the first letters of the words in the sentence “You can't always get what you want”. You can then add a capital letter and a number or two to create a password that is very difficult to crack, like “yCag5wyw”.
- You can make your password harder to crack by intentionally making a few typos (for example, “Protect” --> “Port7cet”).
You can create a strong password using at least a few of the above techniques. One of the best passwords is one chosen in a way that only you can understand and that is completely confusing to others.
Passwords That Shouldn't Be Used
Types of passwords that password crackers can easily get:
Abbreviations, planet names, terms, cartoon characters, character models, machine names, famous names, boys and girls names, movie names, numbers, short sentences, place names, sci-fi, songs, sports, surnames…
- Words found in the dictionary
- Words found in any dictionary (foreign language, medical terms, etc.)
- Your user name
- Your first and last name
- Your spouse’s name
- Someone's first name or last name (password crackers may not know your mother's maiden name or the names of your relatives, but with a list of 100,000 names it is enough to try each one of them)
- Password crackers have wordlists that they use to crack passwords. These lists contain passwords that many people use. Some of those are:
  - Passwords created by adding a single character to the front or end of any word in the word group above (“8dinner”, “happy1”, “2unlimited1”).
  - In the past, replacing some characters with similar-looking numbers (e.g. 0 instead of o) was recommended as a good password creation technique, but as password crackers' capabilities have developed, this is no longer a good protection method.
  - Popular passwords such as “foobar”, “xyzzy” and “qwerty” can be found in wordlists just like regular words. Password crackers look for these words as well.
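
The rules in this list can be enforced when a password is set. The following Python filter is an added example, not part of the original page: it rejects candidate passwords that match the patterns above. The word sets, the substitution table and the function names are constructed for illustration; a real deployment would load a full wordlist.

```python
# Added example: flags passwords matching the weak patterns listed on this page.
# WORDS, POPULAR and LEET are small constructed samples, not a real wordlist.
WORDS = {"dinner", "happy", "unlimited", "protect", "password"}
POPULAR = {"foobar", "xyzzy", "qwerty"}
LEET = str.maketrans("013457@$", "oleastas")  # look-alike symbol -> letter
MIN_LEN = 6    # minimum length stated on the page
UNIX_MAX = 8   # truncation length the page describes for Unix/Linux


def effective(password: str) -> str:
    """Return the part of the password a system truncating at 8 characters uses."""
    return password[:UNIX_MAX]


def weaknesses(password: str, username: str = "", names: tuple = ()) -> list:
    """Return the reasons the password is weak; an empty list means no rule matched."""
    found = []
    pw = password.lower()
    if len(password) < MIN_LEN:
        found.append("too short")
    personal = {n.lower() for n in (username, *names) if n}
    if pw in personal:
        found.append("user name or personal name")
    if pw in POPULAR:
        found.append("popular password")
    # Variants with one character stripped from the front, the end, or both.
    stripped = {pw[1:], pw[:-1], pw[1:-1]}
    if pw in WORDS:
        found.append("dictionary word")
    elif stripped & WORDS:
        found.append("dictionary word with a character added")
    # Undo digit-for-letter substitutions and test against the wordlist again.
    elif pw.translate(LEET) in WORDS:
        found.append("dictionary word with look-alike substitutions")
    return found
```

On a system that truncates as described earlier, call `weaknesses(effective(password))`, since only the first eight characters are compared.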