Password Guide

Passwords are a means of controlling access to Information Resources. Unauthorised access can compromise information confidentiality, integrity and availability resulting in loss of revenue, liability, loss of trust or embarrassment to an organisation.

Password requirements:

Passwords must:

  • Be changed when prompted
  • Be changed immediately if the security of the password is in doubt
  • Be treated as confidential information
  • Have a minimum length of 8 characters
  • Be comprised of a combination of alpha, numeric or special characters
  • Not be shared, donated or transmitted
  • Strong Password

    A strong password is constructed so that another user or a “hacker” program cannot easily guess it. It is typically a minimum number of positions in length and contains a combination of alphabetic, numeric, or special characters. Combine short, unrelated words with numbers, special characters, or mixed case. For example: eAt42peNs (remembered as “Eat for two pence”)

    Constructing a Strong Password

    A strong password is needed for a number of reasons: in short, people wishing to crack your password will use a piece of hardware, called a war-dialler which contains a batch of software. This software contains every dictionary and thesaurus written in most languages. The war-dialler then attempts to break your password by checking it against all the words it holds within the software.

    It is therefore in your own best interest, both at home and at work, to construct a strong password. This makes it less likely that the software will be able to break your password.

    Strong Password Guidelines

    Passwords should not be easily related to such personal information as:

  • your username or logon ID your employee number
  • your given name
  • names of family, friends, pets, co-workers, fantasy characters, etc.
  • your nickname
  • your social security or driver’s license number
  • your birthday
  • your car registration
  • your address or street name
  • your phone number
  • the name of your town or city
  • the name or abbreviation of your company or department
  • computer terms and names, commands, sites, companies hardware, software, etc.
  • common industry terms or acronyms
  • word or number patterns such as aaabbb, zyxwvut, 123321, etc.
  • makes or models of vehicles
  • slang words
  • obscenities
  • technical terms
  • school names, school mascot, or school slogans
  • any information about you that is known or is easy to learn (favourite - food, colour, sport, etc.)
  • words that appear in a dictionary (English or foreign)
  • the reverse of any of the above
  • the same as other passwords selected for personal use outside of the office or passwords commonly used on public web sites.
  • Most importantly, do not use the same password for everything! If you do, you are putting yourself and the trust at high risk. If your password for one site, program or system is broken, then they will all be broken – that will allow the hacker access to everything!

    Home Page
    Document Security
    Information Security
    Document Management