What is a good Toothbrush, erm, Password?
Do you remember the answer to the question posed in the previous issue of the Bulletin? "Your password should be treated like a toothbrush: do not share it and change it regularly!" After our last article, we received a series of questions on how to choose a good password and remember it easily… Thus, here we go.
_image.jpg?subformat=icon)
A good password is:
• private: used and known by one person only;
• secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the monitor;
• easily remembered: so there is no need to write it down;
• at least 8 characters long with a mixture of at least 3 of the following: upper case letters, lower case letters, digits and symbols;
• not to be found in a dictionary of any major language nor guessable by any program in a reasonable time.
Here are some hints to help you choose good passwords:
• Choose a line or two from a song or poem, and use the first letter of each word. For example, "In Xanadu did Kubla Kahn a stately pleasure dome decree" becomes "IXdKKaspdd";
• Alternate between one consonant and one or two vowels with mixed upper/lower case. This provides nonsense words that are usually pronounceable, and thus easily remembered. For example: "Weze-Xupe" or "DediNida3";
• Choose two short words (or a big one that you split) and connect them together with one or more punctuation characters between them. For example: "dogs+F18" or "comP!!UTer'".
If you have to deal with multiple passwords, one for CERN, for Facebook, for eBay or Amazon, please do NOT reuse the same password for all sites. Instead, use different passwords for different purposes. To remember those easily, you might take your favourite music CD and apply the aforementioned rules to its songs. Alternatively, you might use one of these password management tools: KeePass Password Safe, Passwordsafe (note that usage is on your own risk. Neither the Security Team nor the IT department support those tools).
For more on passwords, including a video explaining how good passwords can be chosen, please check the Computer Security team recommandations.
If you think your password may have been exposed or stolen, then change it here and inform us.
Of course, if you have any questions, suggestions or comments, please contact the Computer Security team or visit us.
