Password Creation, Do's, Don'ts, and Tips
A good password is one that is easy to remember but difficult to guess. That sounds like a paradox, but it's really not. Anything not readily decipherable or found in a dictionary works best, so be creative!
Once you've chosen a password, you must keep it a secret. Don't write it down, don't put it in a file, don't send it through electronic mail or regular mail, and don't give it out over the phone. Under no circumstances should you share your password or account with another student. Every registered student at UCO has access to their individual University records and the University computing resources. Sharing account information is against University policy.
Do…
Do take time and use careful thought when creating passwords.
Do change your password often — as in several times a year, once a month or once a quarter.
Do mix different character types. You can make a password much more secure by mixing different types of characters. Use some uppercase letters along with lowercase letters and numbers.
Do keep your password secret.
Creating a password
First, think of a sentence that you can remember. This will be the basis of your password. Use a memorable sentence, such as "I ate my dinner at Ted's" or "Aiden is now three years old." Take the first letter of each word of the sentence that you've created to form a new, nonsensical word. Using the examples above, you'd get: "iamdat" or "aintyo".
Now, add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, consider substituting the number 8 for the word "ate" or 3 for the word "three". There are a couple of different ways to create difficult-to-crack passwords. One is substituting letters with characters and numbers. To make it easier on yourself, try to use numbers and characters that resemble the letters they are replacing. But steer away from using straight replacements such as 1 for "I, i" or 3 for "E, e", etc. There are many possible substitutions, and they may yield passwords like "I8mdaT" or "Ain3yo".
As a warning, all the sample passwords listed here are now known, and should not be used by anyone.
Don’t…
Don't use "passwd" or other variations of the word "password" as your password. Some of the worst passwords are: dwssap, admin, 123456, and the name of your company or department.
Don't use only letters or only numbers.
Don't use phone numbers, Social Security numbers, room numbers, or license plates.
Don’t use birthdates or other dates. It is critical that you change your password from the default immediately.
Don't use the same word as your log-in, or any variation of it. Never use your account name as its password even if you mix case.
Don't use anything in your password that's personal and easy to guess. Don't use the names of your spouse, children, pets, friends or fictitious characters. You should never use personal information as a part of your password. It is very easy for someone to guess things like your last name, pet's name, child's birth date and other similar details.
Don't use any word that can be found in the dictionary — even foreign words.
Don't use passwords with double letters or numbers.
Don't use something so hard to remember that you have to write it down.
Don't use passwords made up of a single letter or repeated letters.
Don't use simple keyboard patterns such as "qwerty".
Don't use the name or description of an object that is in your field of vision at your terminal.
Don’t use real words. There are tools available to help attackers guess your password. With today's computing power, it doesn't take long to try every word in the dictionary and find your password, so it is best if you do not use real words for your password.
Don’t use your UCO account password for network or internet games. Instead, have a separate password for games.
Don’t leave your password blank. That's a surefire way to let the bad guys into your records or system.
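One way an administrator could enforce several of the Don'ts above when a password is chosen, shown as an added example that is not part of the original page or of any UCO system. The function name, messages, keyboard runs and the tiny word list are constructed for illustration; a real check would load a full dictionary.

```python
import re

# Constructed sample data: a real deployment would load a full wordlist.
KNOWN_BAD = {"passwd", "password", "dwssap", "admin", "123456",
             "iamdat", "aintyo", "i8mdat", "ain3yo"}  # includes this page's samples
TINY_DICTIONARY = {"dinner", "dragon", "monkey", "summer", "welcome"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "12345")


def check_password(password, login):
    """Return the list of rules a candidate password breaks ([] = acceptable)."""
    if not password:
        return ["blank password"]
    lowered = password.lower()
    problems = []
    if lowered in KNOWN_BAD:
        problems.append("well-known or published password")
    # Covers both "mix character types" and "not only letters or only numbers".
    if not all(re.search(p, password) for p in (r"[a-z]", r"[A-Z]", r"\d")):
        problems.append("needs uppercase, lowercase and a number")
    name = login.lower()
    if name and (name in lowered or name[::-1] in lowered):
        problems.append("contains the log-in name or its reverse")
    if re.search(r"(.)\1", password):
        problems.append("double or repeated character")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("keyboard pattern")
    if any(word in lowered for word in TINY_DICTIONARY):
        problems.append("contains a dictionary word")
    return problems


if __name__ == "__main__":
    # Constructed candidates; "jdoe" is a hypothetical log-in name.
    for candidate in ("", "qwerty", "I8mdaT", "Jdoe2007x", "Dinner4Ted"):
        print(repr(candidate), check_password(candidate, "jdoe"))
```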
Password Tips
At first, it may be difficult to remember your password. Did you substitute an "i" with a "1" or did you use a "1" to represent "L"? Most people will want to write the password on a piece of paper and place it underneath their keyboard or mouse pad. Or worse, they'll stick the password right on their monitor. DON’T!
To help remember the password, use it immediately. Then log in and out several times the first day. Just don't change it on a Friday or right before leaving for vacation. You could write it out several times on a piece of paper. This helps record it in your mind. Just be sure to shred the paper when done.
Invariably, there may come a time when a password has to be shared. Let's say an employee is out of town to give a presentation but left the PowerPoint file on his desktop. You will have to get his user name and password to access that file. After you open the file, change the password and give him the new password upon his return. Then, as soon as the person gets back into the office, have him change the password again. Yes, it's a lot of work but well worth it.
You are encouraged to change your passwords to personal Web sites as well — such as to banking, Internet e-mail accounts, shopping sites, and so on. Do not use the same password for all of your sites. A particularly good hacker can cause personal financial ruin by gaining access to one username and password.
This page updated Tue Jan 23 14:06:24 CST 2007