Password Policy
Choosing A Secure Password
In order to make it harder for people to guess your
passwords please keep in mind the following advice:-
- Don't use dictionary words - All real
words are easy to guess. Avoid using any words, words in
foreign languages, swear words, slang, names, nicknames,
etc.
- The names of family, friends and partners, anniversary
dates, car registrations and telephone numbers are the first
thing potential crackers will try when guessing your
passwords.
- Instead try to pick acronyms, mnemonics, random
letters, etc, or insert non-alphabetic
characters in the middle of the word,
replace letters with numbers (o to zero, I
to 1, E to 3), etc.
- Use a mixture of UPPER and lower case on case sensitive
systems. Example PaSsWoRd
- You must include a number (0-9) somewhere in the
password. Try to fit this in somewhere inside whatever
letters you choose, instead of at the end or beginning of the
password.
- If possible include a symbol
(£$%&^*+=) somewhere in the password.
- When changing passwords, change more than just the
number: perhaps move its position within the password, add or
subtract letters, change capitalisation, etc.
- However, choose something you can
remember. This is very important; it is no good
having a password like h498cj3t34 if you have it written on a
Post-It Note stuck to your monitor! If you must have a
reminder or hint, use something cryptic that only you can
understand.
- Never tell anyone else your password or allow
them to log in as you. Avoid telling anyone your
password on the telephone, hackers often ring up pretending
to be from the Information Technology Department and ask for
your password. If it is necessary to provide your password to
someone else to allow a fault to be fixed, ensure that they
are genuine members of Information Technology Department
first.
- Try to avoid letting other people watch you key your
password in. Choose something that is not easy to guess from
watching, like "qwerty12345".