Recommendation for a Secure Password
Your login name, or username, allows you to access the resources and
services associated with the College's network. Every time you connect,
you are challenged for a string of characters known as your password for
validation purposes. If someone else determines your password, they can
effectively assume your electronic identity. That individual then has
full access to your files, your email, and your personal information, and
can perform illegal activities in your name. Prevent these problems
by choosing a strong password.
A good password
- Has both upper and lower case letters
- Has digits and/or punctuation characters as well as
letters
- Is easy to remember, so it does not have to be written
down
- Is more than six characters long
- Can be typed quickly, so someone looking over your
shoulder cannot read it
Do
- Make your password as long as possible. The longer
it is, the more difficult it will be to attack the password with a brute-force
search. Always use at least 7 characters in your password, at least
two of which are non-alphabetic.
- Use as many different characters as possible when
forming your password. Use numbers, punctuation characters and, when
possible, mixed upper and lower-case letters. Choosing characters from
the largest possible alphabet will make your password more secure.
- Change your password on a regular basis. Changing
your password every 30 days is a good rule-of-thumb, and you should
never go longer than 90 days before picking a new password. Do not reuse
any previous password you have used. The longer you wait before changing
passwords, the more difficult it will be to get used to the new one.
Do NOT
- Do not use personal information in your password that
someone else is likely to be able to figure out. Obviously, things like
your name, phone number, and address are to be avoided. Even names of
acquaintances and the like should not be used.
- Do not use words, geographical names, or biographical
names that are listed in standard dictionaries.
- Never use a password that is the same as your username.
- Do not use passwords that are easy to spot while you're
typing them in. Passwords like 12345, qwerty (i.e., all keys right next
to each other), or nnnnnn should be avoided.
Try This Trick
If you are having difficulty picking a good password, one good method
is to use the first letter of each word in a phrase you can easily remember.
For example, "I like curry beef and spring onion" would be ilcb&so.
Another method is to intentionally use misspelled words, or words with
a number or punctuation mark suffixed. Examples include: braekfast, kite276,
and "weather." (the period at the end is part of the password). But don't
copy any of these examples!
Common Mistakes
These are too easy to guess. Don't include them.
- Your name
- Your spouse's name
- Your parent's name
- Your pet's name
- Your child's name
- Names of close friends or coworkers
- Names of your favorite fantasy characters
- Your boss's name
- Anybody's name
- The name of the operating system you're using
- The hostname of your computer
- Your phone number
- Your license plate number
- Any part of your HKID card number
- Anybody's birth date
- Other information that is easily obtained about you
- Words such as wizard, guest, password, and so on.
- Any username on the computer in any form (as is, capitalized,
etc.)
- A word in the English dictionary
- A word in a foreign dictionary
- A place
- A proper noun
- Passwords of all the same letter
- Simple patterns on the keyboard, like qwerty
- Any of the above spelled backwards
- Any of the above followed or preceded by a single
digit
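
The rules in the "Do" and "Common Mistakes" lists can be checked automatically when a password is set. The following Python checker is an added example, not part of the College's page or systems; the function names, the small word list and the keyboard rows are assumptions constructed for illustration, and a real deployment would load a full dictionary in place of WEAK_WORDS.

```python
import re

# Constructed sample data (assumptions for illustration, not from the page's site).
WEAK_WORDS = {"wizard", "guest", "password", "breakfast", "weather"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def _is_keyboard_run(s):
    """True if s is a run of adjacent keys on one row, in either direction."""
    return len(s) >= 4 and any(s in row or s[::-1] in row for row in KEYBOARD_ROWS)


def check_password(password, username, personal=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < 7:
        problems.append("shorter than 7 characters")
    if sum(not c.isalpha() for c in password) < 2:
        problems.append("fewer than 2 non-alphabetic characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("does not mix upper and lower case")

    lowered = password.lower()
    if len(set(lowered)) == 1:
        problems.append("all the same character")
    if _is_keyboard_run(lowered):
        problems.append("simple keyboard pattern")

    # "Any of the above spelled backwards" and "followed or preceded by a
    # single digit": strip one leading or one trailing digit, then compare
    # each candidate in both orientations against the banned set.
    banned = WEAK_WORDS | {username.lower()} | {p.lower() for p in personal}
    cores = {lowered, re.sub(r"^\d", "", lowered), re.sub(r"\d$", "", lowered)}
    if any(c in banned or c[::-1] in banned for c in cores):
        problems.append("username, personal detail or listed word")
    return problems
```

Pass the user's known details (names, phone number, hostname and so on) in the personal argument so the "Common Mistakes" entries are covered for that user.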