Washington State University Libraries

Systems Office

Creating Strong Passwords


Do not use:

  • Names
    • Of yourself, including nicknames;
    • Of your spouse or significant other, of your parents, children, siblings, pets or other family members;
    • Of fictional characters, especially ones from fantasy or sci-fi stories like the Lord of the Rings or Star Trek;
    • Of any place or proper noun;
    • Of computers or computer systems;
    • Any combination of any of the above.
  • Numbers, including:
    • Your phone number;
    • Your social security number;
    • Anyone's birthday;
    • Your driver's license number or license plate;
    • Your room number or address;
    • Any common number like 3.1415926 or 1.618034;
    • Any series such as 1248163264;
    • Any combination of any of the above.
  • Any username in any form, including:
    • Capitalized (Joeuser);
    • Doubled (joeuserJoeuser);
    • Reversed (resueoJ);
    • Reflected (joeuserResueoj);
    • With numbers or symbols appended (Joeuser!).
  • Any word in any dictionary in any language in any form.
  • Any word you think isn't in a dictionary, including:
    • Any slang word or obscenity;
    • Any technical term or jargon (BartleMUD, microfortnight, Oobleck).
  • Any common phrase:
    • "Go ahead, make my day."
    • "Brother, can you spare a dime?"
    • "1 fish, 2 fish, red fish, blue fish."
  • Simple patterns, including:
    • Passwords of all the same letter;
    • Simple keyboard patterns (qwerty, asdfjkl);
    • Anything that someone might easily recognize if they see you typing it.
  • Any information about you that is easily obtainable:
    • Favorite color;
    • Favorite rock group.
  • Any object that is in your field of vision at your workstation.
  • Any password that you have used in the past.

There are programs (and they are easy to write) which will crack passwords that are based on the above.
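
The same rules can be applied defensively, by rejecting a weak choice when a password is set. The following Python check is an added example, not part of the original WSU page; the function names, the small word list and the keyboard rows are assumptions made for illustration, and it covers only the username forms, dictionary words, simple patterns, reuse and minimum length from the lists on this page.

```python
import re

# Constructed sample data (assumption): a real check would load a full wordlist.
SAMPLE_WORDS = {"password", "gandalf", "enterprise", "oobleck"}
KEYBOARD_RUNS = ("qwertyuiop", "asdfghjkl", "asdfjkl", "zxcvbnm", "1234567890")


def _core(text):
    """Lower-case the text and strip leading/trailing digits and symbols."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text.lower())


def username_variants(username):
    """Plain, reversed, doubled and reflected forms of the username."""
    u = username.lower()
    r = u[::-1]
    return {u, r, u + u, u + r, r + u}


def weaknesses(password, username, old_passwords=(), words=SAMPLE_WORDS):
    """Return the 'Do not use' rules that the candidate password breaks."""
    found = []
    lowered = password.lower()
    core = _core(password)  # so "Joeuser!" is compared as "joeuser"
    if len(password) < 8:
        found.append("shorter than eight characters")
    if core in username_variants(username):
        found.append("derived from username")
    if core in words:
        found.append("dictionary word or name")
    if len(set(lowered)) == 1:
        found.append("all the same character")
    if any(len(c) >= 4 and (c in run or c in run[::-1])
           for c in (lowered, core) for run in KEYBOARD_RUNS):
        found.append("keyboard pattern")
    if password in old_passwords:
        found.append("previously used")
    return found


if __name__ == "__main__":
    # Candidates taken from the examples on this page, for the user "joeuser".
    for candidate in ("Joeuser!", "joeuserResueoj", "qwerty", "31aR2s2uaPA$$WDS!"):
        print(candidate, "->", weaknesses(candidate, "joeuser") or "no rule matched")
```

An empty result means only that none of these particular rules matched, not that the password is strong.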


Do:

  • Change your password every three to six months. Changing once every term should be considered an absolute minimum frequency.
  • Use both upper and lower case letters.
  • Use numbers and special symbols (!@#$) with letters.
  • Create simple mnemonics (memory aids) or compounds that are easily remembered, yet hard to decipher:
    • "31aR2s2uaPA$$WDS!" for "Three-letter acronyms are too short to use as passwords!"
    • "IwadaSn,atCwt2bmP,btc't" for "It was a dark and stormy night, and the crackers were trying to break my password, but they couldn't."
    • "HmPwaCCiaCccP?" for "How many passwords would a cracker crack if a cracker could crack passwords?"
  • Use two or more words together (Yet_Another_Example).
  • Use misspelled words (WhutdooUmeenIkan'tSpel?).
  • Use a minimum of eight characters – the longer the password, the more secure it is.

NEVER!!

Finally, never write your password down anywhere, nor share your password with anyone, including your best friend, your academic advisor, or an on-line consultant!

(NOTE from Cindy: write your password down if you must BUT write it down WRONG by adding some characters in the front and/or in the back and only you will know what are the right & wrong characters; or write it backwards with additional characters added as described above. Also, NEVER include your username on the same piece of paper.)