Basic Security - Use Strong Passwords for All of Your Accounts
If you need assistance implementing this step, please contact the ITU Support Center at (703) 993-8870.
How (for Windows and Mac):
Creating a Strong Password
- Create a password that contains upper and lower case letters, combined with numbers, punctuation, and/or symbols.
- Be sure to place the numbers, punctuation, and/or symbols throughout the password, not only at the beginning and end.
How am I supposed to remember such a password?
- Choose a line or two from a song, poem, or literary title, or use an affirmation. Create the password by using the first letter of each word. For example, "To Be Or Not to Be" with numbers and punctuation becomes T+b0N2b.
- Or use an affirmation: "I am willing to change my mind" becomes i@w2cM+m
WARNING: Do not use these examples!
Guidelines on what to avoid:
- Avoid using a word contained in any dictionary, spelling list, or other word list in any language.
- Avoid using personal information. For example: your name, your user ID, the name of a spouse, child, friend, or pet.
- Avoid using personal information that may be easily obtained, such as license plate numbers, telephone numbers, social security numbers, the brand of your automobile, the name of the street you live on, etc.
- Avoid using simple transformations of a word such as reversing the spelling, changing uppercase to lower-case or vice versa, or using all capitalization.
- Avoid using a password shorter than six characters. A longer password increases the number of possible password combinations a hacker would have to guess.
- Watch out for anyone trying to shoulder surf. (Shoulder surfing is when someone watches you type in your password so that they can use it later.)
- Never type a password, such as a bank account PIN, into a page that is not encrypted with SSL (https).
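The guidelines above can also be checked automatically. The following Python code is an added example, not part of the original page: `check_password` is a hypothetical helper, and the word list, candidate passwords, and personal details (`jsmith`, `Rex`) are constructed for illustration.

```python
import string

# Constructed sample data; a real deployment would load a full word list.
WORDLIST = {"password", "dragon", "monkey", "welcome", "sunshine"}
# The two examples printed on this page, which the page warns against reusing.
PUBLISHED = {"T+b0N2b", "i@w2cM+m"}
NON_LETTERS = string.digits + string.punctuation


def check_password(pw, personal=(), wordlist=WORDLIST, min_len=6):
    """Return the list of guidelines a candidate password violates."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    has_lower = any(c.islower() for c in pw)
    has_upper = any(c.isupper() for c in pw)
    has_other = any(c in NON_LETTERS for c in pw)
    if not (has_lower and has_upper and has_other):
        problems.append("needs upper case, lower case, and a number or symbol")
    # Strip numbers/symbols from both ends; what is left is the "core".
    core = pw.strip(NON_LETTERS)
    if has_other and core.isalpha():
        problems.append("numbers/symbols only at the beginning or end")
    # Simple transformations: case changes, reversal, decorations on the ends.
    folded = core.lower()
    if folded in wordlist or folded[::-1] in wordlist:
        problems.append("dictionary word or simple transformation of one")
    # Personal information (name, user ID, pet, plate number, ...).
    lowered = pw.lower()
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        problems.append("contains personal information")
    if pw in PUBLISHED:
        problems.append("published example password")
    return problems


if __name__ == "__main__":
    # Constructed candidates; "jsmith" and "Rex" stand in for a user's details.
    for candidate in ["nogarD", "Dragon1!", "Rex2024!", "T+b0N2b", "wH3n;i7Rn"]:
        print(candidate, check_password(candidate, personal=["jsmith", "Rex"]))
```

An empty list means the candidate passed every check implemented here; it does not prove the password is strong, only that it avoids the listed mistakes.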
Why?
Hackers use special programs that attempt to find your password by running through all words in a dictionary (programs have dictionaries in most languages), every common proper name, every sequence of 1-12 numbers, and various combinations of these. Once they have your password, they control your computer.
Your user ID and password identify you (authenticate who you are) and your access rights (authorization: what you have permission to see and do) to data on a server.
If someone stole your password, that person could pretend to be you (identity theft) while doing unauthorized and/or illegal activities online.