Train your brain: Don’t put your password on paper!

I completely acknowledge that constructing a good password can be difficult. And remembering it for some time isn’t easy, either. However, noting it down on a sheet of paper and hiding it in a drawer in your office (or even attaching a sticky note to your monitor) isn’t a valid solution. It violates CERN Computing Rules.

 

You can do better! Train your brain! Here are some hints to help you choose good passwords:

  • Choose a line or two from a song or poem, and use the first letter of each word. For example, "In Xanadu did Kubla Kahn a stately pleasure dome decree!" becomes "IXdKKaspdd!";
  • Use a long passphrase like the sentence "InXanaduDidKublaKahnAStatelyPleasureDomeDecree!" itself;
  • Alternate between one consonant and one or two vowels with mixed upper/lower case. This provides nonsense words that are usually pronounceable, and thus easily remembered. For example: "Weze-Xupe" or "DediNida3";
  • Choose two short words (or a big one that you split) and join them together using one or more punctuation characters. For example: "dogs+F18" or "comP!!UTer"

For a series of hints on how to choose a good one, please check out our password recommendations page.

Also, remember that nobody legitimate will ever, ask you for your password. Never! So, if you are asked for it by your supervisor or team leader, the ServiceDesk or somebody else (like these fake phone calls pretending to come from Microsoft), please turn them down. They must not ask for your password. Your password is yours! Instead, report this to Computer.Security@cern.ch and we will take the appropriate action. If you think your password may have been exposed or stolen, then change it here

Of course, this is valid for every other password too, e.g. those you use on Amazon, Twitter, or Facebook. However, please do not use the same password for all those sites as this can increase the risk of exposure. You can do better and use one distinct password for every site. Again: Train your brain!

If you have any questions, suggestions or comments, please contact the Computer Security team or visit us at http://cern.ch/security.

by Computer Security Team