System users should be encouraged to:
- Use a mix of UPPER and lower case letters (passwords are cAsE SensItiVe, so mixing case enlarges the space an attacker has to search).
- Not use any part of the user account name in a password. For example, if the user account name is ScottF, then ScottF! or ScottF123 are not good ideas (even though the last one satisfies typical length-and-complexity rules, it is trivially guessed from the account name).
- Not include the user’s birth year in a password, for example James1971.
- Not include the word password in a password. For example, Password1234 passes most complexity checks, but it is unsafe: it is a standard entry in password-cracking wordlists.
- Avoid single dictionary words, with or without digits or symbols tacked on: password-cracking tools try wordlists and their common variations before resorting to a brute-force search.
- Use characters that require typing with both hands. This makes it harder for somebody watching you type (shoulder surfing) to read the password off the keyboard.
- Consider a string of words or a nonsensical phrase that you can easily remember, yet would be difficult to guess. For example: Correct Horse Battery Staple #11. Pick your own words, though: that particular phrase has been so widely published that it now appears in cracking wordlists.
Remember, a good password must be easy for a user to remember, yet difficult for an attacker to guess.
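The rules above are easy to state but only useful if they are actually enforced when a password is set. The following is an added example (not code from the original page) of a checker that applies each rule: case mix, no part of the account name, no birth year, no "password", no single decorated dictionary word, and no known-breached string. The wordlist and breached-password set are tiny constructed stand-ins; a real deployment would load a full list (such as a breach corpus) from disk. The 4-character slice rule for "any part of the account name" and the 12-character minimum are my own assumptions, not values from the page.

```python
import re

# Constructed stand-ins for real wordlists (a deployment would load e.g. a
# breached-password list from disk). Kept tiny so the example runs offline.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "monkey", "qwerty"}
LEAKED_PASSWORDS = {"123456", "password1234", "correcthorsebatterystaple"}


def _normalize(s):
    """Lower-case and drop everything except letters and digits, so that
    'Pass-word 1234' and 'password1234' compare equal against the leaked set."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def check_password(password, username=None, birth_year=None, min_length=12):
    """Return the list of guidance rules the password breaks (empty list = accepted).

    min_length=12 is an assumed policy value, not one given on the page.
    """
    problems = []
    lowered = password.lower()
    normalized = _normalize(password)
    letters_only = re.sub(r"[^a-z]", "", lowered)

    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("does not mix upper- and lower-case letters")

    if username:
        u = username.lower()
        # "any part of the account name": the full name or any slice of 4+
        # characters from it (4 is an assumed threshold; 3 would be noisy).
        parts = {u} | {u[i:j] for i in range(len(u)) for j in range(i + 4, len(u) + 1)}
        if any(p in lowered for p in parts):
            problems.append("contains part of the account name")

    if birth_year and str(birth_year) in password:
        problems.append("contains the user's birth year")

    if "password" in lowered:
        problems.append("contains the word 'password'")

    # A single dictionary word plus digits/punctuation (e.g. Dragon2024) is a
    # classic cracker target; several words (a passphrase) are not flagged here.
    if letters_only in COMMON_WORDS:
        problems.append("is a dictionary word with decoration")

    if normalized in LEAKED_PASSWORDS:
        problems.append("appears in a breached-password list")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs mirroring the examples in the guidance above.
    samples = [
        ("ScottF123", "ScottF", None),
        ("James1971", "jdoe", 1971),
        ("Password1234", None, None),
        ("Dragon2024", None, None),
        ("correct horse battery staple", None, None),
        ("Correct Horse Battery Staple #11", "ScottF", 1971),
    ]
    for pw, user, year in samples:
        result = check_password(pw, username=user, birth_year=year)
        print(f"{pw!r}: {'OK' if not result else '; '.join(result)}")
```

Note that the passphrase built from the page's own example is accepted only because of the trailing "#11"; the bare phrase is rejected by the breached-password check, which is exactly why users should compose their own words rather than reuse a published one.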