| DOs | DON'Ts |
|---|---|
| DO use a password that contains letters, numbers and punctuation (not all operating systems will allow you to use punctuation characters). | DO NOT use a network login ID in any form (reversed, capitalized, or doubled) as a password. |
| DO use a unique password for each login account you may have. If you use the same (or extremely similar) passwords, someone who compromises one account may be able to compromise multiple accounts. | DO NOT use your first, middle or last name, or anyone else's, in any form. Do not use your initials or any nicknames you may have, or anyone else's. |
| DO use a password with mixed-case letters. Do not just capitalize the first letter, but add uppercase letters throughout the password. | DO NOT use a word contained in English or foreign dictionaries, spelling lists, or other word lists and abbreviations. |
| DO use at least six characters, eight characters for Windows NT/2000. | DO NOT use other information easily obtained about you. This includes pet names, license plate numbers, telephone numbers, identification numbers, the brand of your automobile, the name of the street you live on, and so on. Such passwords are very easily guessed by someone who knows you. |
| DO use a seemingly random selection of letters and numbers. | DO NOT use a password of all numbers, or a password composed entirely of alphabetic characters. Mix numbers, letters and special characters like "!". |
| DO use a password that can be typed quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by looking at your keyboard (also known as "shoulder surfing"). | DO NOT use dates, for example, April, APR2004 or any other common date format. |
| DO change passwords regularly. The more critical an account to network integrity (such as root on a Unix host or Administrator on Windows NT), the more frequently the password should be changed. This change stops someone who has already compromised an account from continued access. | DO NOT use keyboard sequences such as QWERTY or ASDFG. |
| | DO NOT use a sample password, no matter how good, that you've gotten from a book that discusses information and computer security. |
| | DO NOT use the default password for any login or application. If you are given a password with the instruction to change it as soon as you log in for the first time, do it. |
| | DO NOT write a password on sticky notes, desk blotters, calendars, or store it online where it can be accessed by others. |
| | DO NOT use shared accounts. Accountability for group access is extremely difficult. |
| | DO NOT reveal a password to anyone. |
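
Several of the rules above can be checked mechanically when a password is set. The following Python checker is an added example, not part of the original page; its function names, rule labels and small sample word list are assumptions made for illustration, and it covers only the rules that can be tested from the password string itself.

```python
import re

# Constructed sample list; a real deployment would load full dictionaries.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "letmein"}
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MONTH_NAMES = ("january february march april may june july august "
               "september october november december").split()
MONTHS = "|".join(f"{m}|{m[:3]}" for m in MONTH_NAMES)
# Month name or abbreviation plus optional year (April, APR2004), or numeric dates.
DATE_RE = re.compile(
    rf"^(?:(?:{MONTHS})\W?\d{{0,4}}|\d{{1,4}}[/.-]\d{{1,2}}[/.-]\d{{1,4}})$")


def has_keyboard_run(pw, run=5):
    """True if pw holds `run` adjacent keys of one row, in either direction."""
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in pw for i in range(len(seq) - run + 1)):
                return True
    return False


def check_password(password, login_id, personal=(), words=SAMPLE_WORDS, min_len=6):
    """Return the rules from the table that `password` breaks (empty = none)."""
    pw = password.lower()
    letters = re.sub(r"[^a-z]", "", pw)
    uid = login_id.lower()
    problems = []
    if len(password) < min_len:  # pass min_len=8 for Windows NT/2000
        problems.append("too short")
    if uid and (uid in pw or uid[::-1] in pw):  # also catches capitalized/doubled
        problems.append("contains login ID")
    # Names, nicknames, pet names, plates; tokens under 3 chars are skipped here.
    if any(len(p) >= 3 and p.lower() in pw for p in personal):
        problems.append("contains personal information")
    if pw in words or letters in words:
        problems.append("dictionary word")
    if password.isdigit() or password.isalpha():
        problems.append("single character class")
    # Require an uppercase letter somewhere other than the first position.
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password[1:])):
        problems.append("no mixed case beyond first letter")
    if DATE_RE.match(pw):
        problems.append("date format")
    if has_keyboard_run(pw):
        problems.append("keyboard sequence")
    return problems
```

Rules about how a password is handled (sharing, writing it down, reuse across accounts, regular changes) cannot be derived from the string and need separate controls.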