|
<Previous
Password Rules
Your DND password must conform to certain rules in order to be accepted
as a valid password. If your current password does not conform to these rules,
you should change it to one that does. These rules will make it much more
difficult for someone else to guess your password. A mixture of numbers and
upper- and lower-case letters is strongly recommended. The password rules
are:
- It should be eight characters long using only numbers and upper- and
lower-case letters. Note: Passwords longer than eight
characters will not work to authenticate you with some applications used at
Dartmouth, such as Kerberos and Oracle Calendar.
- There can be no more than four characters in sequence (e.g.,
12345 or abcde are not allowed).
- It must contain at least five different characters (e.g.,
2a3a2a3a only contains three different characters so is not
allowed).
- It cannot be a word found in the dictionary, including foreign
languages (e.g., password).
- It cannot be a reversal of a word found in the dictionary (e.g.,
drowssap).
- It cannot be a word found in the dictionary, plus one additional character
either before or after the word (e.g., xalgebra or
algebrax).
- It cannot be a word found in the dictionary with numbers substituted for
look-alike letters (e.g., passw0rd or
pa55word).
- It cannot be a word found in the dictionary minus any punctuation, symbols,
or numbers (e.g., oclock or soninlaw).
Password Recommendations
Passwords present a dilemma; they need to be functionally strong, while easy
to remember. One important characteristic of strong passwords is that they have
meaning to you (and can be remembered), but not for others. Insecure passwords
can be easily obtained by hackers using techniques such as automated
trial-and-error guessing of your password using a dictionary list.
The following techniques, in addition to the rules above, will help you
create passwords that are strong and can be remembered.
Do not:
- Rely on a blank password.
- Use information that can be found in other places on your computer. For
example, when you set up your computer, you are asked for your name. If you
enter your name as John A. Doe, your initials should not be
used as a secure password.
- Use information that can be easily associated with you (your Social
Security Number, license plate number, your pet's name, favorite sports team,
etc.).
- Use any well-known word from a movie or book.
- Use a password that has been given as an example in this or in any other
document.
Do:
- Use a password that is eight characters in length.
Note: Passwords longer than eight characters will not
work to authenticate you with some applications used at Dartmouth, such as
Kerberos and Oracle Calendar.
- Use a password that is easy for you to remember, but also provides good
security.
- Use passwords that are a combination of numbers and letters. Avoid
using special characters such as ! & / *.
- Use passwords that contain both upper- and lower-case letters. Since
passwords are case-sensitive, this will provide additional security.
All of the above rules and recommendations seem to contradict the
concept of "easy to remember," however, there are a couple of "systems" you can
use to choose strong passwords.
- Personal Acronyms: Choose a phrase that has some meaning
to you and make an acronym out of it. The best laid plans of mice and
men becomes tblp0mAm.
- Made-up Words: Make up a word that is "pronounceable,"
such as Shagryl5 (shag-ril five).
- Blend words: Interleave the letters of two short words.
For example dead cat 9 would become
dceaatd9.
<Previous
|
