Gold University of Minnesota M. Skip to main content.University of Minnesota. Home page.
CSE Home | One Stop | Directories | Search U of M  
 
 

What's inside.
Account Management

CSE Wiki

E-mail

Hardware and Media

Network and Wireless

Offsite Access

Printing

Processes

Security and Passwords

Software and Tools

Systems Staff

Web Development

 

Help Home

CSE Home

 
 
 
 
 
 
  Home > Passwords and Security > Choosing a Good Password

Choosing a Good Password

Why do I have to choose a good password?

Weak passwords are easily broken by intruders with dictionary-based password cracking programs. This is a problem for system security, and thus is not allowed. Accounts with weak passwords will be closed. More information about user security is available.

How do I choose a good account password?

NOTE: Your UNIX password and your Windows password are not stored in the same place. For your protection, we highly recommend that you do NOT share passwords between your UNIX and Windows accounts. Doing so can jeopardize your account security.

UNIX passwords must be at least 6 characters long. Windows passwords must be at least 8 characters long.

Passwords should contain 3 of the 4 character types:

  1. UPPERCASE letters: A-Z
  2. lowercase letters: a-z
  3. numbers: 0-9
  4. symbols: ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

Do not use all letters or all numbers, and do not use a dictionary word in any language or a permutation of such. Dictionaries of all languages are available online, and not all hackers speak English. Also avoid using your name, account name, common names of people or places, technical jargon, repeating sequences and keyboard sequences.

Do not use a well-known phrase to generate a password. This approach may be vulnerable to a dictionary attack using dictionaries compiled from popular media phrases. A paper entitled Human Selection of Mnemonic Phrase-Based Passwords, by C. Kuo, S. Romanosky, and L. Cranor of Carnegie Mellon University’s CUPS Laboratory explores this potential threat.

Examples:

Good Passwords (but don't use these, make your own!)

  • Mhtiasp!   Based on “My home town is a small place!
  • Mh714sp!   Based on “My home 7own 1s 4 small place!
  • .-Mcismf--.   Based on “.-Morse code is so much fun --.
  • 2Tamlamt   Based on line 2 of Shakespeare’s Sonnet #18 “Thou art more lovely and more temperate”

Bad Passwords

  • mypasswo - Obviously plain-text based (“mypassword”)
  • kathy5 - Name-based
  • ........ - Repeating sequence
  • abcabc - Repeating sequence
  • dr1v3way - Word-based with common letter/number substitution
  • gandalf1 - Based on the name of a character from The Hobbit
  • triskeli - Based on a word from Star Trek (“triskelion”)
  • ykmfptd! - Based on a quote from the movie Princess Bride: “My name is Inigo Montoya. You killed my father. Prepare to die!
 
©2009 Regents of the University of Minnesota. All rights reserved. Contact U of M | Privacy
The University of Minnesota is an equal opportunity educator and employer.   Last modified on August 9, 2007
CSE Online Help