Password Terminology
Types of Characters: There are four different types of characters used in making passwords. Using many different combinations of these character types greatly increases the resources needed to crack a password.
- Upper case letters (A, B, C, etc.),
- Lower case letters (a, b, c, etc.),
- Arabic numbers (1, 2, 3, etc.), and
- Special Characters = ~ # $ % ^ & * ( ) - + ` : , ?
Passwords are often the weakest link in a computer security scheme. Strong passwords are important because password cracking tools continue to improve and the computers used to crack passwords are more powerful. Passwords that once took weeks to break can now be broken in hours.
Password cracking software uses one of three approaches: intelligent guessing, dictionary attacks, and automation that tries every possible combination of characters. Given enough time, the automated method can crack any password. However, it still can take months to crack a strong password. That is why we require the use of strong passwords that include at least three of the four character types.
An Easily Broken Password is one that can be easily tied back to the account owner, such as:
- user name
- social security number
- nickname
- relatives' names
- birth date
Passwords made of names of places (cities or countries), all numbers, all the same letter or number, or keyboard patterns (qwerty, jkl;, etc.) are also insecure and easily broken.
A Strong Password is one that:
- is at least eight characters in length
- is not a name or dictionary word, and
- contains at least three of the four types of characters identified above.
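The easily-broken and strong-password rules above can be expressed as a small checker. This is an added example, not part of the original guidance; the function names, the `owner_facts` parameter, the constructed word list, and counting any ASCII punctuation as a special character are assumptions.

```python
import string

# Constructed sample word list; a real check would load a full dictionary.
DICTIONARY = {"livefish", "password", "paris", "london"}
# Keyboard patterns named in the guidance; extend as needed.
KEYBOARD_PATTERNS = ("qwerty", "jkl;")


def character_types(password):
    """Return which of the four character types appear in the password."""
    types = set()
    for ch in password:
        if ch.isupper():
            types.add("upper")
        elif ch.islower():
            types.add("lower")
        elif ch.isdigit():
            types.add("digit")
        elif ch in string.punctuation:  # assumption: any ASCII punctuation
            types.add("special")
    return types


def check_password(password, owner_facts=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    # An all-number password also fails here: it has only one type.
    if len(character_types(password)) < 3:
        problems.append("fewer than three of the four character types")
    if lowered in DICTIONARY:
        problems.append("name or dictionary word")
    if len(set(password)) <= 1:
        problems.append("all the same letter or number")
    if any(pattern in lowered for pattern in KEYBOARD_PATTERNS):
        problems.append("keyboard pattern")
    # owner_facts: user name, nickname, birth date and similar strings.
    for fact in owner_facts:
        if fact and fact.lower() in lowered:
            problems.append("tied to the account owner: " + fact)
    return problems


if __name__ == "__main__":
    # Constructed account details for illustration.
    for pw in ("livefish", "eAt42peN", "Jsmith1985!"):
        print(pw, check_password(pw, owner_facts=("jsmith", "1985")))
```

A rule check of this kind only tests composition: L1veF1sh passes it even though its substitution pattern can be guessed.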
Creating a Strong Password
Combine short, unrelated words with numbers or special characters. For example: eAt42peN
Substitute numbers or special characters for letters, but do not rely on substitution alone. For example, livefish is a bad password. L1veF1sh is better and satisfies the rules, but a pattern of capitalizing the first letter and replacing every i with a 1 can be guessed. l!v3f1Sh is far better because the capitalization and substitution of characters are not predictable.
Remembering Strong Passwords
Make the password difficult to guess but easy to remember. Use something to help you remember it, such as the title of a favorite song (We all live in a Yellow Submarine = WaliaYS!).
You may have passwords on many different systems such as your agency's network, IA Data Warehouse, Budget Planning and Analysis System (BPAS), SWIFT, SEMA4, and Employee Self Service. Many users will choose to synchronize their password across the various systems. Even though the different systems have different requirements as listed below, it is possible to find a common denominator across all systems so that a strong password can be synchronized. For example, even if your agency's network allows users to keep their passwords for 90 days, the network probably allows more frequent changes so that users can change their passwords to conform with a thirty-day requirement. Similarly, users can use a combination of uppercase letters, numbers and lowercase letters to satisfy the more stringent character type requirements of other systems. Some system passwords are not case sensitive, but will allow both uppercase and lowercase letters.
Who can I tell my password to?
- Don't tell your password to anyone!
- Be wary of anyone who requests your password for any reason.
- If you suspect that someone knows your password, change it immediately.
- Don't write down your password. There are several very good, open source (free) tools available on the web that allow you to have a different password for each of the programs and websites that you deal with, without actually having to remember all those usernames and passwords. Of course, this all depends on your department's policies for downloading outside software.