Password Structure
A simple yet effective way to create passwords that are strong and hard to guess. The character set plays an important role in enhancing security. Therefore, the following recommendations are suggested for choosing a "hard to guess" password:
1. Passwords should contain five (5) letters.
2. Passwords should contain upper-case and lower-case letters.
3. Passwords should contain three (3) numbers.
4. Redundancy should be avoided.
Example: C7iz5oL3
Not Allowed Passwords ("don't" rules)
In addition to the rules above, the following recommendations are suggested:
1. Do not replace letters with digits that look similar, such as "i" with "1" or "7"; "o" or "O" with "0"; "g" or "G" with "6"; "s" or "S" with "5". Example: Floppy-disk -> Fl0pPyd15k
2. Don't use any meaningful word, even one you think is not in a dictionary, including slang, obscenity, technical terms or jargon. Example: "poRsche914".
3. Don't use any common phrase. Example: "Take3pay2".
4. Don't use simple patterns, including simple keyboard patterns or anything that someone can easily recognize if they see you typing it. Examples: "12qwASDF", "1q2W3E4r".
5. Don't use the name of any object that is in your field of vision at the workstation.
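The structure rules and the "don't" rules above can be checked mechanically. The following is an added example, not part of the original post: the word list is a constructed sample, and the "at least" reading of the counts, the adjacent-repeat reading of "redundancy" and the run length of four keys are assumptions.

```python
import re

# Digit -> letter look-alikes listed in the "don't" rules above.
LOOKALIKES = str.maketrans({"1": "i", "7": "i", "0": "o", "6": "g", "5": "s"})
# Constructed sample word list; a real check would load a full dictionary.
WORDLIST = {"floppydisk", "porsche", "password"}
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_RUN = 4  # assumed threshold for a "simple keyboard pattern"


def row_run(s):
    """Length of the longest left-to-right run of neighbouring keys in s."""
    best = run = 1 if s else 0
    for a, b in zip(s, s[1:]):
        run = run + 1 if any(a + b in row for row in KEY_ROWS) else 1
        best = max(best, run)
    return best


def check(pw):
    """Return the list of rules from this page that pw violates."""
    low = pw.lower()
    problems = []
    # Assumption: the letter and digit counts are read as minimums.
    if sum(c.isalpha() for c in pw) < 5:
        problems.append("letters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("mixed case")
    if sum(c.isdigit() for c in pw) < 3:
        problems.append("digits")
    # Assumption: "redundancy" means the same character twice in a row.
    if any(a == b for a, b in zip(low, low[1:])):
        problems.append("redundancy")
    # Dictionary check on two normalised forms: digits stripped, and
    # look-alike digits mapped back to the letters they imitate.
    forms = (re.sub(r"[^a-z]", "", low),
             re.sub(r"[^a-z]", "", low.translate(LOOKALIKES)))
    if any(w in f for w in WORDLIST for f in forms):
        problems.append("dictionary")
    # Keyboard runs, including two interleaved runs such as "1q2W3E4r".
    if max(row_run(low), row_run(low[::2]), row_run(low[1::2])) >= MIN_RUN:
        problems.append("keyboard pattern")
    return problems
```

Calling `check("C7iz5oL3")` returns an empty list, while each of the "don't" examples above is flagged for at least one rule.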
Generation of Passwords
The following methods of password generation allow the creation of "hard to guess" and at the same time "easy to remember" passwords:
1. Use the first letters of words in a memorable phrase. Obviously memorable is good, but traditional or classical is risky. Example: "I got a speeding ticket on 6th Avenue" generates "Igasto6a".
2. Use grossly misspelled and/or incorrectly written words. Example: "Can you buy it for me too?" generates "CybyI4mitu".
3. Use, for example, this particular algorithm with a "cross sum". Example: phone number 7895649 -> seven (7) digits; multiply this number by itself (7 x 7 = 49), build the sum of the digits (4 + 9 = 13), and insert this result into a freely chosen word, such as "Tuesday": Tues13day.
4. Choose two or more words randomly, and then join them with digits. Example: "cat", "dog" -> "cAt11Dog3" (the numbers "11" and "3" can represent the number of cats and the number of dogs I have, respectively). Example: "walk", "run" -> "WalK13RuN5" (the numbers "13" and "5" can represent the number of km I walk and run in a week, respectively). Example: "Apple", "Orange" -> "ApPle11Orange6" (the numbers "11" and "6" can represent the number of apples and oranges I ate daily).
5. Use, for example, the following algorithm: choose an easy-to-remember word or name, e.g. Gandalf; insert the number of the current month in the middle of the word (e.g. February = 02); and replace a letter with its corresponding position number in the alphabet. Example: "GaN024AlF" ("d" has been replaced with "4" because "d" is the fourth letter of the alphabet).
Password Storing
In addition to these tips the following recommendations are suggested:
1. When you write down your password don't identify it as being a password.
2. Any storage method should assure that the password is not recognizable as such.
3. The exception is electronic storage of a password: storage is permitted if dedicated and certified tools with strong encryption are used.
Story Resource from HERE