
Tips for Creating Good Passwords

Password: A memorized sequence of characters that enables a person to gain entry to a system or device.

Goal: Create a password that is easy to remember but difficult for anyone else to guess.

The best passwords:

  • Are easy to remember, so they do not have to be written down.
  • Are not a dictionary-searchable word in any language.
  • Do not use proper names, such as Washington, Harry, Purdue, etc.
  • Do not use personal information, such as your phone number, street address, pets' names, etc.

Further, Liberal Arts network passwords must meet the following requirements:

  • At least seven characters in length
  • Contain characters from at least three of the following four categories:
    • Capital letters ("A" through "Z")
    • Lowercase letters ("a" through "z")
    • Numbers ("0" through "9")
    • Nonalphanumeric characters (examples: !, $, #, %)
  • Do not contain all or part of the user's account name
  • Changed at least every 90 days

Humans are great thinkers, but we often find it challenging to memorize nonsensical data. One of the easiest-to-remember and hardest-to-crack password methods is the "pseudo-random password."

The actual password is generated from an easy to remember pass-phrase that is important to you. This phrase can be the words from a book that you particularly like, words from a song that you always remember with ease, or words from a statement made by a notable person. Or it can be a phrase you make up yourself.

This is the key. It is a phrase that is easy for you but which no one else will attribute to you.

For example:

Pass-phrase: My wife's birthday is April twenty fifth nineteen sixty six
Password: Mwbi@25ns6

By using single letters (some capitalized, some not) to represent words, by including numbers, and by substituting a special character for a letter ("@" instead of "A" to represent "April", in this example), you've created a password that is both secure and difficult to crack. It also meets Liberal Arts' password requirements.

Another example:

Pass-phrase: "Four score and seven years ago our fathers …"
Password: f$a7yAoF

As in the previous example, this password has a mix of upper- and lowercase letters. It has a number. And one letter ("s" for "score") was substituted with a special character ("$"). The result is a password which can't be found in any dictionary, which uses no proper names, which has no personal information, etc.
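The mechanical rules in the Liberal Arts requirements (length, three of four character categories, no account-name fragment) can be checked in code. The Python below is an added example, not CLA IT's own tooling: the account name `jsmith` is constructed, and treating "part of the account name" as any three consecutive characters is an assumption. It does not cover the dictionary-word or 90-day rules.

```python
import string

MIN_LENGTH = 7          # "At least seven characters in length"
MIN_CATEGORIES = 3      # three of the four character categories
NAME_FRAGMENT_LEN = 3   # ASSUMPTION: "part" of the account name = 3+ consecutive chars


def categories_used(password):
    """Return the set of character categories present in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.digits:
            found.add("digit")
        elif not ch.isalnum():      # punctuation and spaces count as nonalphanumeric
            found.add("symbol")
    return found


def name_fragments(account, n=NAME_FRAGMENT_LEN):
    """All n-character runs of the account name (whole name if shorter than n)."""
    account = account.lower()
    if len(account) < n:
        return {account} if account else set()
    return {account[i:i + n] for i in range(len(account) - n + 1)}


def check_password(password, account):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(categories_used(password)) < MIN_CATEGORIES:
        problems.append("too few character categories")
    lowered = password.lower()      # the name check is case-insensitive
    if any(frag in lowered for frag in name_fragments(account)):
        problems.append("contains account name")
    return problems


if __name__ == "__main__":
    # "jsmith" is a constructed account name; the first two passwords are the page's examples.
    for pw in ("Mwbi@25ns6", "f$a7yAoF", "Smith2006", "abc123"):
        print(pw, "->", check_password(pw, "jsmith") or "meets the requirements")
```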

The idea in this method is that the pass-phrase, if not necessarily the password itself, is easy for you to remember and difficult for anybody else to determine.

When the time comes to change passwords, there are a couple of ways to go about it. Create an entirely new pass-phrase and an all-new password, or change the existing pass-phrase in some way (such as "April twenty fifth is my wife's birthday"), revising your password to match.

These methods almost always generate passwords that are very easy to remember but nearly impossible to crack.

 

Adapted from ITaP's suggestions for creating good passwords:

http://www.itap.purdue.edu/security/policies/procedures/passguidlines.cfm

 


Copyright © 2005, Purdue University, all rights reserved.

Last updated 04-May-2006