OVERVIEW: Strong Passwords, Guidelines and Policies
Article ID: 164 | Last Updated: Tue, Jul 25, 2017 at 3:28 PM
Tips for Creating Strong Passwords and Things to Avoid
Use these steps to develop a strong password:
- Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as "MysonAidenisthreeyearsold".
- Check if the computer or online system supports the pass phrase directly (Maximum of 25 characters for Clemson's Network).
- If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you've created to create a new, nonsensical word. Using the example above, you'd get: "msaityo".
- Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, in the pass phrase above, consider misspelling Aiden's name, or substituting the word "three" for the number 3. There are many possible substitutions, and the longer the sentence, the more complex your password can be. Your pass phrase might become "MySoNAyd3Nis3yeeRsold." If the computer or online system will not support a pass phrase, use the same technique on the shorter password. This might yield a password like "MsAiy3yo".
- Finally, substitute some special characters. You can use symbols that look like letters, combine words and other ways to make the password more complex. Using these tricks, we create a pass phrase of "MySoN8Ni$3yeeR$old" or a password (using the first letter of each word) "M$8ni3y0".
Password Strategies to Avoid
Some common methods used to create passwords are easy to guess by criminals and hackers. To avoid weak, easy-to-guess passwords:
- Avoid sequences or repeated characters. "12345678," "222222," "abcdefg," or adjacent letters on your keyboard do not help make secure passwords.
- Avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try and crack your password will not be fooled by common look-alike replacements, such as to replace an 'i' with a '1' or an 'a' with '@' as in "C1em$0n" or "P@ssw0rd". But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
- Avoid your login name or any personally identifiable information. Any part of your name, birthday, social security number, or similar information about your loved ones constitutes a bad password choice. This is one of the first things criminals will try.
- Avoid dictionary words in any language. Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions. This includes all sorts of profanity and any word you would not say in front of your children.
- Use more than one password everywhere. If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems. It is also highly recommended not to use your Clemson password on 3rd party web sites as Clemson cannot vouch for the security of that web site and any compromise of that site could expose Clemson's resources.
- Avoid using online or local storage of passwords. If malicious users find these passwords stored online, on a networked computer, or on a USB key, they have access to all your information.
Content contributed from Microsoft Web site.