How To Form and Remember Good Passwords:
Too often, you are expected to create utterly random, complicated passwords with special characters and lots of restrictions.
The net result is ALWAYS a reduction in security because most people will write such a complicated password down in order to remember it.
Goal: Create a password that is easy to remember, but hard for anyone else to guess.
Purdue recommends using the following method for creating a password:
- Pick a phrase that is easy for you to remember, but that no one else will think about attributing to you. For example:
pass phrase: "My Wife's Birthday Is April Twenty-Fifth Nineteen Sixty Six"
pass phrase: "Four score and seven years ago our fathers brought…"
pass phrase: "It was a dark and stormy night."
- Use the first letter of each phrase to form an abbreviation. For example:
m - My
w - Wife's
b - Birthday
i - Is
a - April
t - Twenty-
f - Fifth
n - Nineteen
s - Sixty
s - Six
- abbreviated pass phrase: mwbiatfnss
abbreviated pass phrase: foscanseye (the first 2 letters of each word)
abbreviated pass phrase: iwadasn
- For added security (and usually as a requirement), change one or more of the letters into numerals and/or add punctuation to reach your new password. For example:
password: mwbi4tfns6 ("a" for "April" becomes "4", because April is the fourth month; "s" for "six" becomes "6")
password: 4scan7ye ("fo" for "four" becomes "4" and "se" becomes "7")
password: Iwad&sn! ("i" becomes "I"; "a" for "and" becomes "&"; added "!")
Any of these passwords would be easy for you to figure out, but would be a nightmare for a password cracker. The idea in this method is not that the password itself is easy to remember but that the process that you go through to arrive at it is so simple that you find yourself re-creating the same password with the process without even thinking about it.
Changing your Pseudo-random password
When the time comes to change passwords, you have a number of options. You can start over from Step 1 to change your pass phrase entirely, or you can keep the same phrase and change the order of the characters you choose from it (taking every second and fourth letter, for example). What matters is that you create very strong passwords that you can easily remember or re-create as needed.
The best place to change your Purdue Career Account password is from the link on the SecurePurdue website.
When picking passwords, avoid the following:
- Your name, spouse’s name, or partner’s name.
- Your pet’s name or your child’s name.
- Names of close friends or coworkers.
- Names of your favorite fantasy characters.
- Your boss’s name.
- Anybody’s name.
- The name of the operating system you’re using.
- Information in the GECOS field of your passwd file entry
- The hostname of your computer.
- Your phone number or your license plate number.
- Any part of your social security number.
- Anybody’s birth date.
- Other information easily obtained about you (e.g., address, alma mater).
- Words such as wizard, guru, gandalf, boiler, Purdue, Pete and so on.
- Any username on the computer in any form (as is, capitalized, doubled, etc.)
- A word in the English dictionary or in a foreign dictionary.
- Place names or any proper nouns.
- Passwords of all the same letter.
- Simple patterns of letters on the keyboard, like qwerty.
- Any of the above spelled backwards.
- Any of the above followed or preceded by a single digit.
- Password examples that have been published anywhere, including the examples in this document.
For Purdue University password requirements, please see http://www.purdue.edu/securepurdue/bestPractices/passStandards.cfm.