Suggestions for Password Security
The following should be considered when choosing passwords:
- should be easy to remember
- should be difficult to guess
- should not be of a fixed length, but should be at least six (6) characters long
- should be made up of letters, numbers, and special characters. Also try to mix upper case and lower case letters. This multiplies the number of different possible combinations.
- should not be displayed when entered
- should be changed periodically by the user
- should be subject to forced changes by the system administrator
- should not be dictionary words, either forwards or backwards
- should have a degree of complexity greater than the sensitivity of the data at risk
- should not be shared with anyone or used as a "generic" password for a group of users
- should not be posted or written down in an unsecured location (e.g. desk drawers)
- should be immediately changed if you suspect it was compromised
- should not be known by a supervisor or other staff
- should not be the same as your user ID
- should not be names of your pets or children, phone numbers, or street addresses (or any personal information)
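
The checks in this list that a system can test automatically are sketched below as an added example (not part of the original list). The function name, the small word list, and the sample personal-information values are constructed for illustration. The example goes slightly beyond the list by also flagging a dictionary word that is only padded with digits or symbols, and a password that merely contains a personal detail.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "dragon", "monkey", "letmein", "sunshine"}


def check_password(password, user_id, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """Return the suggestions from the list above that the password violates."""
    problems = []
    lowered = password.lower()

    if len(password) < 6:
        problems.append("shorter than six characters")

    # Mix of letters (both cases), numbers, and special characters.
    classes = {
        "lower case letter": any(c.islower() for c in password),
        "upper case letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]

    # Compare only the letters, so "Dragon1!" is still caught, and test the
    # reversed form because the list rules out words spelled backwards too.
    letters_only = "".join(c for c in lowered if c.isalpha())
    if letters_only in dictionary or letters_only[::-1] in dictionary:
        problems.append("dictionary word, forwards or backwards")

    if lowered == user_id.lower():
        problems.append("same as user ID")

    # personal_info: pet or child names, phone numbers, street addresses, etc.
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")

    return problems


if __name__ == "__main__":
    for candidate in ("nogard", "Dragon1!", "Rex#2024a", "Tr7#kapLo"):
        print(candidate, "->", check_password(candidate, "alice", ["Rex"]) or "ok")
```

An empty result means only that none of these mechanical checks failed; the remaining suggestions (not sharing, not writing down, changing after a suspected compromise) depend on user behaviour and cannot be tested this way.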