Authentication requirements are normally established by local agency policy. They should be considered the 'lock and key' not only to local information but to every piece of information you can reach on your network, which is why it is so critical that logons and passwords are kept safe and never shared. They should also be complex, difficult to guess, and changed frequently. Be aware that, in the end, if a compromise occurs using your credentials, you may be held accountable.
Creating and remembering strong passwords, like backing up our computers' contents, is something many of us know we should do but don't. Having to come up with usernames and passwords for virtually everything we do on a computer is enough to make anyone use "Magic123" over and over. However, with a little time and some discipline, you can create strong passwords and do a better job of managing them.
A good password is one that's hard to guess, yet easy to remember. So here are the top 10 ways to choose a password, in roughly increasing difficulty. If you don't use any of the first 5, you're well on your way. The stats are very rough estimates (for comparison purposes, an 8-character password is used for most calculations):
Default (same as none):
Many programs and services assign a default password. Change it to a new password immediately.
examples: password, superuser
10 Common passwords:
god, love, lust, money, private, qwerty, secret, sex, snoopy, password
your name, initials, location (zip code), birthday, pets, license plate
family/friends' names (including maiden names), locations, birthdays, pets
word/number combinations of any of the above
Ego-related; examples: guru, master, wizard
Favorites: music (group names, albums), fiction/nonfiction/comic books and characters, movie/TV/cartoon characters and titles
Dumb Hollywood movie people think all passwords are of this variety.
Double-words; examples: kittykitty, johnjohn
Funny/nonsense/jargon words; examples: wassup, bzzzzz, foobar
Insults; examples: biteme, eatdirt
Keyboard sequences; examples: asdfg, qweasd, poiqwe
Obscene words; examples: (use your imagination)
Passwords based on host name (for people with lots of passwords); for example, if the system is named 'cat', an obvious password is catpass
Reversals; examples: terces, wordpass, nhojnhoj
Dictionary & Foreign Language words:
If you can find your word in a dictionary, it's not a very good password; this includes words in foreign languages.
Mixed-Case Dictionary Words (alternating UPPER-lower case letters)
examples: paSSworD, PLaceBO
stats: If a word has 2 letters, there are 4 (2^2) ways to capitalize it (at, At, aT, AT). If a word has 8 letters, there are 256 (2^8) ways. Similar combinations (2^letters) apply to each word in the dictionary.
Mixed-case Word with Number(s)
examples: 9fiNgeRS, loVELy68
stats: Tacking on a number from 0-9 before or after a word gives 20 more variations of the password. Using 00-99 before or after the word gives 200 variations.
Combining words and/or extra letters
examples: GUessTHis, BiKeFisH
examples: No50WaY2, puT863MoX
variant: Hacker/IRC/license-plate jargon; examples: H4x0rD00dZ, UR2good4Me, FXR1stR8
stats: OK, my mind's swimming; there are somewhere around 218 trillion (62^8) 8-letter/number passwords. It takes an average of 5 seconds to crack this kind of password on a Windows machine; considerably longer on BSD or Linux.
examples: qs3UIs82, k38#0J$dA
Note: some programs and services only allow letters and numbers, some include dashes ('-'); the best allow any character.
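The categories above can be turned into a policy check that runs before a password is accepted. The following Python checker is an added example, not code from the page: it reports the weakest category a candidate password falls into and the size of the guess list that category implies, using the page's own figures (2^letters capitalisations, 20 or 200 digit variations, 62^8 for letters and digits). The word lists are tiny constructed stand-ins for a real dictionary and breached-password list, and the names `classify` and `is_keyboard_sequence` are assumptions.

```python
import re
# Constructed, tiny stand-ins for the lists a real checker would load (a full
# dictionary and a breached-password list); an assumption, not from the page.
DEFAULTS = {"password", "superuser"}
COMMON = {"god", "love", "lust", "money", "private", "qwerty", "secret", "sex",
          "snoopy", "password"}
DICTIONARY = COMMON | {"superuser", "kitty", "john", "fingers", "lovely", "guess",
                       "this", "bike", "fish", "placebo", "cat", "pass", "word"}
ROWS = [r for w in ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890") for r in (w, w[::-1])]

def is_keyboard_sequence(s):
    # True if s is built entirely from runs of 3+ adjacent keys on one row (either direction).
    i = 0
    while i < len(s):
        best = 0
        for row in ROWS:
            n = 3
            while i + n <= len(s) and s[i:i + n] in row:
                best, n = n, n + 1
        if best == 0:
            return False
        i += best
    return len(s) >= 3

def classify(pw, hostname=None, dictionary=DICTIONARY):
    # Returns (category, guesses): weakest category pw falls into, and the candidate-set size.
    low, D = pw.lower(), len(dictionary)
    half = low[:len(low) // 2]
    if low in DEFAULTS:
        return "default", 1
    if low in COMMON:
        return "common", len(COMMON)
    if hostname and hostname.lower() in low:
        return "host-based", None  # page gives no figure
    if low in dictionary:  # the word itself, or the same word in mixed case: 2^letters forms
        return ("dictionary", D) if pw == low else ("mixed-case dictionary", D * 2 ** len(low))
    if low[::-1] in dictionary:
        return "reversal", D
    if low and low == half * 2 and (half in dictionary or half[::-1] in dictionary):
        return "double-word", D
    if is_keyboard_sequence(low):
        return "keyboard-sequence", None  # page gives no figure
    m = re.fullmatch(r"(\d{0,2})([a-z]+)(\d{0,2})", low)
    if m and m.group(2) in dictionary and (m.group(1) or m.group(3)):  # page: 0-9 x20, 00-99 x200
        return "word+number", D * 2 ** len(m.group(2)) * (20 if len(m.group(1) + m.group(3)) == 1 else 200)
    if any(low[:i] in dictionary and low[i:] in dictionary for i in range(1, len(low))):
        return "combined-words", D * D * 2 ** len(low)
    if low.isalnum():
        return "letters+digits", 62 ** len(pw)  # page: 62^8 is about 218 trillion
    return "any-character", 95 ** len(pw)  # printable ASCII; assumption
```

A deployment would swap the constructed sets for a full dictionary and a breached-password list and reject anything whose category is not the last two.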
In general, no password is uncrackable. The best you can do is make yours difficult and non-trivial to determine. Whatever method you choose, it's a good idea to change your password often. The more important the password, the more often it should be changed. Why? If someone is attempting a brute-force attack on your password, the hope is that you're changing it to something they've already tried and found to be wrong. The longer the password, the harder it is to guess.
Some clever people are forgoing brute-force attacks (e.g. dictionary attacks) in favor of 'social engineering' to obtain passwords. If somebody calls or emails requesting your password, it's a dumb idea to give it to them. Of course, nobody would sticky-note a password to their monitor or under a keyboard!