A Quick Guide to Password Security

Your server is only as secure as your weakest password. As a rule of thumb, the longer and more complex a password, the stronger it is. Follow the best practices below to generate passwords that are difficult to crack.

DOs

  • DO Use Passwords of At Least Ten Characters: The more characters, the more difficult a password is to crack. Length is key. Create lengthy passwords of at least 10 characters!
  • DO Create Unique Passwords: Each password you use should be for a unique service (ex. cPanel, MySQL, and your bank account should all have different passwords).
  • DO Use a Combination of Character Types: Use numbers, lowercase letters, uppercase letters and symbols in your password. (ex. CneDZaJ8QG4E8!jKq3%rIOd3)
  • DO Change Your Password Often: Change your passwords at least every six months, if not every three months.
  • DO Randomly Generate the Password: Use one of the following sites to generate a secure password: Norton by Symantec, Random.org, or Random Password Generator.

DO NOTs

  • DO NOT Use Dictionary Words: This one should be obvious. If your password is pizzatime, your server is probably already cracked.
  • DO NOT Use Pets, People, Places, Events, etc.: We’re absolutely sure your dog is adorable. But, her name probably isn’t a good password. Unless her name is Tmb1W\>r~ii, then that’s cool.
  • DO NOT Reuse Passwords: Let’s say your first password for an account was uevdf$fR@de*76 but you were forced to change your password, so you changed it to b4gft*hfg^RE@e~e3. If you have to change the password for that account again, do NOT go back to uevdf$fR@de*76. Create a new, unique password instead!
  • DO NOT Use Adjacent Keyboard Strings: qwerty1234 is not a good password.
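
The DOs and DO NOTs above can be checked mechanically. The following is an added example, not part of the original guide: it generates a password locally with Python's secrets module (rather than one of the sites listed) and tests any password against the length, character-type, dictionary-word and keyboard-string rules. The function names, the small word list, the keyboard rows and the four-key run threshold are assumptions made for illustration.

```python
import secrets
import string

# The four character types from "DO Use a Combination of Character Types".
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"pizza", "sunshine", "awesome", "password", "dragon"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_keyboard_run(lowered, run=4):
    """True if `run` adjacent keys from one row appear, in either direction."""
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            chunk = row[i:i + run]
            if chunk in lowered or chunk[::-1] in lowered:
                return True
    return False


def check_password(password):
    """Return the guide rules the password breaks (empty list if none)."""
    problems = []
    lowered = password.lower()
    if len(password) < 10:
        problems.append("shorter than ten characters")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing a character type")
    if any(word in lowered for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word")
    if has_keyboard_run(lowered):
        problems.append("contains an adjacent keyboard string")
    return problems


def generate_password(length=24):
    """Draw from the OS CSPRNG until the result passes every check above."""
    if length < 10:
        raise ValueError("the guide asks for at least ten characters")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("pizzatime", "qwerty1234", generate_password()):
        print(sample, check_password(sample))
```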

Examples

BAD Passwords

awesomedog
sunshine12
coolguy18
kerri28
password
root
jasonthehoff
jimhalpert
name123
name@123

GOOD Passwords (but don’t use these)

Y53fdr#fdr*r34
Bfsr3*hgft%EW!d`~de3
&gft*g)hfgt$r3519$$5
wV56dse@dse*hg65
be5467@Fr!d^^tf55$
73ggdtr5@fdrEnuTr!fd*h)h45$r2

Remembering Passwords

A password like gftr&5E#esu7EE2!dsr)hgy6^5%4 is likely going to be difficult for most people to remember. But, a long password is difficult to crack, and can be crafted from some common piece of information. A joke, a hobby, a book/movie quote, or an interest of some sort can be used as the basis for a secure password. Take the quote, “Life — uh — finds a way,” from Jurassic Park. We can build this into a secure password by changing out some characters and adding a few numbers: L1f3-;uH;-F1nd54wAy! That’s a secure password that would be much easier to remember.

Password managers can remember passwords for users. Keep in mind, however, that a password manager is a gateway to ALL of your passwords. Having one password that can access all the rest of your passwords and sites is certainly very risky, and against best practices.