Security Awareness For Everyone
Centers for Disease Control and Prevention

Creating Stronger Passwords

As a basic rule, a good password adheres to as many of the following guidelines as a system will accommodate: 

While these rules may sound difficult to follow, the next page illustrates how easy it can be to use them to create effective passwords.

Explanation of tips for creating stronger passwords

Do not use familiar names

When devising a password, many people's first instinct is to use a name that they will remember such as their spouse, children, pet, or even their own. This is often the easiest password to discover or guess. Personal items in the workplace can often give easy clues to these passwords.

Avoid using commonly known facts about yourself

Using common facts about yourself such as your birthday, hobbies, favorite sports teams, or other similar information will provide others with a better chance of guessing your password.

Do not use words found in the dictionary

Software programs that can 'crack' a password are readily available on the Internet. These programs can find a password from a dictionary in a matter of seconds. An alternative to using a word is misspelling it or replacing letters or words with numbers or characters. This is similar to a personalized license plate. The password 'homeplate' could easily become 'homepla8'. It's just as easy to remember but would take a cracking program much longer to decipher.

Use at least eight (8) characters

Within certain limits, the more characters in the password, the more secure it may be. For cracking programs it becomes exponentially more difficult to crack a password with each character added. Also, some operating systems, such as Windows NT, store passwords in 'chunks' of seven characters. If the second 'chunk' is empty it is a known value and the program knows the password is fewer than eight characters.

Utilize letters and numbers

By using a combination of letters and numbers in your password you make it much more difficult for a person or program to guess your password. You are increasing the potential character set by another 10 characters!

Use special characters, if possible

Some systems allow special characters such as ! @ # $ % & to be used in a password. This not only adds to the character set available but foils many password cracking programs that may not use special characters. If the system allows special characters it is wise to take advantage of them.

Use upper and lower case letters if the system differentiates them

Some operating systems can use case sensitive passwords. They can tell the difference between upper-case (capital) and lower-case letters. This doubles the quantity of letters available when choosing a password and can create a more secure password than just using lower-case.

Combine misspelled words

By misspelling words you avoid a 'dictionary attack' and a potential hacker has to resort to what is referred to as a 'brute force' attempt to get a password. This means that their program must try all potential combinations of letters, numbers, and characters. This can take a great deal of time, even for a sophisticated program. See the examples on the Creating a Better Password page.
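
The sections above on length, digits, special characters and case all make the same point: each one enlarges the space a brute-force search must cover. The following is an added example, not part of the original CD-ROM content, that estimates that space for a given password and models the seven-character 'chunk' storage described above as pieces that can be searched separately. All function names are hypothetical, and every sample password other than 'homepla8' is constructed.

```python
import math
import string

# Character classes named in the guidelines above.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26 letters
    "upper": string.ascii_uppercase,   # 26 more if the system is case sensitive
    "digit": string.digits,            # "another 10 characters"
    "special": "!@#$%&",               # the six specials the page lists
}

def alphabet_size(password, case_sensitive=True):
    """Smallest class-based alphabet covering the password.
    Characters outside the four classes are ignored (assumption)."""
    if not case_sensitive:
        password = password.lower()
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def keyspace(password, case_sensitive=True):
    """Brute-force candidates when the password is stored as one unit."""
    return alphabet_size(password, case_sensitive) ** len(password)

def chunked_keyspace(password, chunk=7, case_sensitive=True):
    """Candidates when each `chunk`-character piece is stored separately:
    pieces are searched one at a time, so costs add instead of multiplying."""
    n = alphabet_size(password, case_sensitive)
    pieces = [password[i:i + chunk] for i in range(0, len(password), chunk)]
    return sum(n ** len(p) for p in pieces)

def bits(count):
    """Search space expressed in bits (log2), rounded to one decimal."""
    return round(math.log2(count), 1)

if __name__ == "__main__":
    # 'homepla8' is the page's example; the others are constructed samples.
    for pw in ["homepla8", "Homepla8", "Homepla8!", "Homepla8!xyzQ4"]:
        whole, split = keyspace(pw), chunked_keyspace(pw)
        print(f"{pw!r:18} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"whole={bits(whole):5} bits  7-char chunks={bits(split):5} bits")
```

On a system that stores seven-character chunks, the figure in the last column is the one that matters: an eighth character adds only one extra single-character search instead of multiplying the total.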


This CD-ROM was produced April 8, 2003
from the original content of "Security Awareness for Everyone."

Copyright 2001 Security Awareness, Inc.
