How to select a good password

What's a passphrase and what's a password?

A password is shorter (less than 10 characters) and has different requirements than a passphrase. A passphrase is similar to a password but is longer, can use dictionary words, is easier to remember, and is more secure.

First, there are a number of things that a good password is NOT. None of the following should ever be used:

  • Your name.
  • The name of your spouse, child, pet, etc.
  • Anyone's name (real or fictional).
  • Any word in an English dictionary.
  • Any word in a foreign dictionary.
  • Any word that is printed, published, or written down anywhere by anyone.
  • Your phone number, address, SS#, birth date (or those of anyone you know).
  • A place.
  • A proper noun.
  • A string of the same letter (like aaaaaaa).
  • Simple keyboard patterns (like asdf or qwerty).
  • Any of the above with a single digit or symbol before or after it.
  • Any of the above backwards.

Now, a good password DOES have the following properties:

  • Both upper and lowercase letters.
  • A mix of letters, symbols, and numbers.
  • Easy to remember (so it doesn't have to be written down).
  • The length depends on the system you are using. (see above)
  • Can be typed quickly so someone standing behind you won't be able to easily see what you're typing (often called "shoulder surfing").
  • Known by you AND ONLY YOU.

It may sound hard, but coming up with a secure password isn't that difficult. For example, take two short words and combine them using a symbol like "bot4mine" or "eye-con". Even better, capitalize some of the letters. Or, make up an acronym that means something to you or reminds you of a phrase. For example, "Twinkle, twinkle little star." Take the first letters, reverse the word star, swap in a #1 for the "l" and a #5 for the "s" (same approximate shape) and you get "Tt1rat5". It looks totally random, and is nearly impossible to figure out, but you have a mnemonic to help you remember it.

NEVER write a password/passphrase down anywhere.

Finally, note that the examples "bot4mine", "eye-con", and "Tt1rat5" are all now bad passwords because they are written down somewhere (in this message).

As always, if you have questions about using any supported software product on Calvin's campus please call the HelpDesk at x6-8555, or contact the HelpDesk at helpdesk@calvin.edu.