How to choose a good password


Password protection has been used for several years to control access to mainframe computer systems. More recently, passwords have also been implemented in the Personal Computer and Local Area Network (LAN) environments.

What is a password? Your computer password is your personal key to a computer system. Passwords help to ensure that only authorized individuals access computer systems. Passwords also help to determine accountability for all transactions and other changes made to system resources, including data. If you share your password with a colleague or friend, you may be giving an unauthorized individual access to the system. What if the individual gives your password to someone else? What if some of your files are deleted or otherwise rendered unusable? Are you willing to take the blame if an unauthorized individual uses your access privileges to damage the information on the system or to make unauthorized changes to data?

Authentication of individuals as valid users, via the input of a valid password is required to access any shared automated information system. Each user is accountable for the selection, confidentiality and changing of passwords required for authentication purposes. Since you are responsible for picking your own password, it is important to be able to tell the difference between a good password and a bad one. Bad passwords jeopardize the information that they are supposed to protect. Good ones do not.

Note: Do not use any of the password examples shown in this document.

Following are some simple rules you should keep in mind about passwords.

  • The best password is one which is a random combination of numeric and alphabetic characters.

    Example:

    48KK439V

  • On systems which allow both upper case and lower case letters, use a combination of upper and lower case characters for your password.

    Example:

    4*hk8LP9

  • Finally, please remember that there is no need to share IDs and passwords. Anyone who needs and qualifies for access to a computer system should submit a request for his or her own LogonID and password.