
Computer Security Tutorial (Text-Only Version)
Module 5: Password Strength and Security
Guidelines for Creating Good, Cryptic Passwords
Passwords should either
- Be at least eight (8) characters in length and contain characters from at least 3 of the following 4 categories:
- lower case letters (e.g. a through z)
- upper case letters (e.g. A through Z)
- numbers (e.g. 0-9)
- Special characters (e.g. exclamation point, question mark or slashes)
OR
- Be a passphrase at least 10 characters in length.
- A passphrase is a complex password based on a memorable phrase, song or book title, line of poetry, etc.
- Hint: Passphrases are harder to crack if they don't always use the first letter of each word.
Passwords should also
- Not be a word found in the dictionary, whether spelled forwards or backwards, or a word preceded or followed by a digit (e.g., secret1, 1secret)
- Not include User Name or Login Name
- Avoid including personal information, names of family, places, pets, birthdays, address, hobbies, etc.
- Avoid words that are slang, dialect, jargon, etc.
- Avoid common keyboard sequences, such as "qwerty89" or "a b c 1 2 3"
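The guidelines above that can be tested mechanically, written as a checker. This is an added example, not UCSC's own code: the word list, sequence list, the `jdoe` user name and the function names are constructed for illustration, and the rules about personal information, slang and jargon are left out because they need human judgment.

```python
import re

# Constructed sample data; a real check would load a full dictionary file.
SAMPLE_WORDS = {"secret", "password", "dragon", "welcome"}
# Constructed sequence list built from the page's two examples plus two common runs.
SEQUENCES = ("qwerty", "asdfgh", "abc123", "123456")
# Assumption: whitespace is not counted as a special character.
CATEGORIES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9\s]")


def category_count(pw):
    """Count how many of the four character categories appear in pw."""
    return sum(1 for pattern in CATEGORIES if re.search(pattern, pw))


def check_password(pw, username, words=SAMPLE_WORDS):
    """Return the list of guidelines pw violates (empty list = passes)."""
    problems = []
    lowered = pw.lower()

    # Either 8+ characters from 3 of 4 categories, or a 10+ character passphrase.
    if not ((len(pw) >= 8 and category_count(pw) >= 3) or len(pw) >= 10):
        problems.append("length/complexity")

    # Dictionary word, forwards or backwards, ignoring digits stuck on either end.
    core = lowered.strip("0123456789")
    if core in words or core[::-1] in words:
        problems.append("dictionary word")

    if username and username.lower() in lowered:
        problems.append("contains user name")

    # Drop spaces first so "a b c 1 2 3" is treated like "abc123".
    compact = lowered.replace(" ", "")
    if any(seq in compact for seq in SEQUENCES):
        problems.append("keyboard sequence")

    return problems


if __name__ == "__main__":
    for candidate in ("secret1", "1terces", "qwerty89", "a b c 1 2 3", "Tr4il-mix"):
        print(f"{candidate!r}: {check_password(candidate, 'jdoe') or 'ok'}")
```

Note that "a b c 1 2 3" satisfies the 10-character passphrase rule and is rejected only by the sequence check, which is why the length rules alone are not enough.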
More tips for creating good passphrases
- Phrases shouldn't be too common (2bor!2b is pretty common!).
- A phrase that has personal meaning but might not appear widely is perhaps best.
- For example, the first line of your wedding vows (if you wrote them yourself) would be memorable but not widely available.
- A random line from your favorite movie is good too.
- Combining phrases is better still.
- Don't use passphrases you have seen in print as examples
Password Security Standards
- Passwords must be treated as sensitive and confidential UCSC information.
- Never share your password with anyone else for any reason.
- Even if they say they work for UCSC, ITS, or other campus organizations.
- This includes co-workers and supervisors.
- Sharing passwords is a serious breach of UCSC policy and may result in disciplinary action.
- Passwords should not be written down, stored electronically, or published.
- Choose passwords that you can remember without writing them down.
- If you have to write something down, write a hint that others won't be able to decipher instead of the complete password - and store it securely.
- Passwords providing access to restricted data should not be electronically stored or saved, including by browsers, local applications or keychains.
- Use different passwords for your different accounts.
- This will minimize the risk to other systems and information should one of your passwords get compromised.
- Change initial passwords, password resets and default passwords the first time you log in.
- These passwords can be vulnerable to guessing or to the automated programs that hackers employ to try to break into systems.
- Verify that all of your passwords meet the password strength guidelines in this module. Change any that do not.
For More Information About Creating Good, Cryptic, Secure Passwords
UCSC Password Strength and Security Standards:
http://its.ucsc.edu/security/policies/password.php
Rev. January 2009