Creating a Good Password

* Why are passwords important?

* How can I create a good password?

* What should I avoid when creating a password?

Note: Remember, it is your obligation to protect information stored on Film & Media computer systems and to protect those systems from unauthorized access.

If you have any questions, concerns, or need further clarification please send email to fm.support@hunter.cuny.edu.

Why are passwords important?

Believe it or not, there are lots of people out in the world who try to guess or “crack” passwords in order to snoop around. We have an obligation to protect information stored on our computer systems from unauthorized access. The kind of access people have to computers in public institutions like Hunter provides many opportunities for password cracking. Creating “good” passwords and keeping them private are important elements of computer security. This means making “good” passwords that are difficult or impossible to guess or discover, even for individuals who, with mischievous or criminal intent, try to guess or “crack” passwords in order to gain access to computer accounts or systems.

How can I create a good password?

When activating your UserID and setting or changing your password, please take into account the following password guidelines (required for Film & Media passwords, but useful for all passwords):

1. passwords must be 7 or more characters in length

2. must consist of letters (a-z and/or A-Z) AND at least one number (0-9) AND at least one special character: !@#$%^&*()_-+=[]|\;”~’,<>./?

3. the alphabetic portion of a password, taken as a whole, may not be a dictionary word, proper name, or person’s initials

Examples of Good Passwords

1. You can use a phrase to generate a password:

Take the phrase “I Love To Eat Hotdogs Everyday”. Use the first letters: iltehe. Apply capitalization and substitute punctuation/numbers for letters: Il2e!E

2. You can also use a common word as a seed for a password: By itself, “hotdog” makes a horrible password, but if you apply some of the tricks above (capitalization, punctuation, and misspellings) the result is a much better password: H0t!daWg. You can also use a word but substitute numbers for some of the letters, and insert a special character in a way that you’ll remember. For example, by replacing the vowels with the number 7 in the word “Spiderman,” then inserting a backslash between the syllables, the password could be “Sp7d7r/m7n”.

What should I avoid when creating a password?

Do not use your user name, first name, or last name. Your name and user name are stored in the password file and many cracking programs use this information to generate possible password combinations.

Do not use anyone’s first name or last name. Many password-cracking programs have large name databases and can easily guess passwords based on names. Names of friends, relatives, fictional characters, etc. are commonly associated with an individual and do not make good passwords.

Passwords that use patterns on the keyboard (e.g., qwerty) are not secure. Although such passwords are easily typed, they are also easily guessed.

Words spelled backwards don’t make secure passwords. Most cracking programs try both the forward and backward representation of words in their databases, and therefore passwords of such nature are not secure.

Substituting 1’s and 0’s for l’s and o’s is not enough to make a good password. Password cracking programs have rule sets designed to break passwords that substitute numbers for letters they resemble. Similarly, passwords such as 2Good4U, although cute, are not really secure either.

Do not simply use a word followed or preceded by a number as a password. A common password-guessing algorithm adds numbers to the front or back of a dictionary word. Passwords of this form are therefore easily cracked. Non-alphabetic characters should be used throughout the password.

Do not use dictionary or dictionary-based words as passwords. Password cracking programs have large dictionaries that they use to guess passwords. Cracking programs also have large FOREIGN LANGUAGE dictionaries; therefore, the practice of using foreign words as passwords is INSECURE.

Your password should NOT be all numbers, uppercase letters or lowercase letters, nor should it have repeating characters.

Never use a password that has been cited as an example of how to pick a good password.
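
The three required guidelines and several of the "avoid" rules above can be checked mechanically when a password is set. The following is an added example, not code used by Film & Media systems; the word list, keyboard runs, look-alike map and the reading of "repeating characters" are assumptions made for illustration.

```python
import re

# Special characters from guideline 2 (typographic quotes normalized to ASCII).
SPECIALS = set("!@#$%^&*()_-+=[]|\\;\"~',<>./?")
# Constructed stand-ins: a real check loads full dictionary and name lists.
WORDS = {"hotdog", "spiderman", "password", "hunter"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456")
# Constructed look-alike map (digit/symbol -> letter) used to undo substitutions.
LOOKALIKES = str.maketrans("013457@$", "oleastas")


def check_password(pw, user_names=()):
    """Return the list of violated rules; an empty list means pw passes."""
    problems = []
    lower = pw.lower()
    # Guideline 1: 7 or more characters.
    if len(pw) < 7:
        problems.append("too short")
    # Guideline 2: letters AND a number AND a special character.
    if not re.search(r"[A-Za-z]", pw):
        problems.append("no letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no number")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special character")
    # Guideline 3 plus the "avoid" rules: the alphabetic portion, read forward
    # or backward, with or without look-alike substitutions undone.
    banned = WORDS | {n.lower() for n in user_names}
    alpha = re.sub(r"[^a-z]", "", lower)
    undone = re.sub(r"[^a-z]", "", lower.translate(LOOKALIKES))
    if any(c in banned for c in (alpha, alpha[::-1], undone, undone[::-1])):
        problems.append("dictionary word or name")
    if any(run in lower or run[::-1] in lower for run in KEYBOARD_RUNS):
        problems.append("keyboard pattern")
    # Assumption: "repeating characters" means the same character 3+ times in a row.
    if re.search(r"(.)\1\1", pw):
        problems.append("repeated characters")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, each breaking a different rule.
    for sample in ("hotdog99", "h0td0g!", "godtoh1!", "qwerty1!", "aaa111!!!"):
        print(sample, "->", check_password(sample))
```

Passing the account's user name and real name in `user_names` makes the check reject passwords built from them, as the first "avoid" rule requires.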