TechTalk: Keep in mind when selecting passwords and PINs (03-18-94)

UpDate - Vol. 13, No. 24, Page 7
March 18, 1994
TechTalk
Keep in mind when selecting passwords and PINs:

     On the University's central computers, your password should be 6-8
characters. Your voice mail Personal Identification Number (PIN) must be at
least four digits. Your other University PINs are all exactly four digits.
     When selecting a new password or PIN, choose something that is easy
for you to remember, but not easy to guess.
     Use the entire range of characters available when you select a new
password. For example, MVS users can, and should, use both letters and
numbers in their passwords. UNIX users can, and should, use a mixture of
upper- and lower-case letters, numbers and punctuation marks in their
passwords.
     Do not select a word, name, birth date, portion of a Social Security
Number or foreign word as your computer password.
     Do not select your birth date, a portion of your current telephone
number, consecutive numbers in a sequence or a portion of your Social
Security Number as your PIN.

        * Use your age and the month you were born instead of your birth
          date.
        * Try "spelling" a word on your telephone. For example, the word
          "rich" becomes 7424.
        * Instead of using part of your current phone number, use part of
          an old phone number.
        * Choose an historical date, not your birth year. Avoid 1492 and
          1776.

Keep your passwords or PINs secure
     Remember that it is your password or PIN that keeps your accounts,
mailboxes and information secure. To keep your account and information
private, keep your password or PIN private.
     Do not share your password, PIN or accounts with other people. Doing
so is a violation of the University's policy for responsible computing.
     If given an initial password or PIN, change it during your first work
session.
     Do not write down your password or PIN.
     No University employee will ever call you and ask you for your
password or PIN to "fix" your account. If someone calls you and asks for
your password or PIN, hang up. Do not believe for a moment that the
individual is authorized to ask for this information.
                                                  -Richard Gordon

          Bad            Better
          password       password

          sugar          c6-h12o6    Try the chemical formula
                                     instead of the word.

          avanti         Ava?nt1!    Try adding an upper-case
                                     letter and some punctuation to
                                     a word or foreign word.

          72753          r7-27g?     Try adding someone's initials
                                     and some punctuation to a
                                     birth date.

          susie1         -SusiE,1    Try adding more "extras" to a
                                     word or name than just a digit
                                     or letter at the end of the word.

          boxcar9        1box9car,   Try putting numbers in the
                         box19car    middle of compound words on
                                     systems that allow only letters
                                     and numbers (e.g., MVS).

                         Dhs,"Sm!"   Use the initial letters and, if
                         iwtbyn1     allowed, punctuation of a
                                     sentence to make your
                                     password. These two examples
                                     come from, "Defiantly, he said,
                                     "Sue me!" and "I want to be your
                                     number 1."