< If the navigation features on the left do not work in your browser, try the alternate help version.
Your password is like a key to your account and you need to safeguard it. Anyone who has or can guess your password can get into your account. Anyone who has your password can pose as you. Therefore, you may be held responsible for someone else's actions, if they are able to get your password.
First and foremost, NEVER give your password to anyone. "Anyone" means your coworkers, your spouse, your systems administrator. In the event of an emergency, the system administrator can change your password. Your system administrator never has a need to know your personal password.
Make your password something you can remember. Do not write it down. If you really, honestly forget your password, we can easily give you a new one. We'd rather set your password once a month because you forgot it than have someone find it written down and gain unauthorized access to your account.
Make your password difficult for others to guess. This is not as hard as it initially seems. See the section below on choosing a good password.
Here are some of the types of passwords that can easily be picked up by crackers:
Words in any dictionary.
Your user name, your real name, the name of someone in your family, Anyone's name (crackers don't necessarily know that your aunt's middle name is Agnes, but it's easy enough to get a list of 100,000 names and try each one).
Any of the above, with a single character before or after it (``8dinner'', ``happy1'').
Any of the above, capitalized ('cat'' > Cat''), reversed ('cat' > 'tac'), doubled (`cat' > 'catcat') or mirrored ('cat' > 'cattac').
Any of the sample passwords, good or bad, mentioned here.
Coming up with a good password can be difficult, so here are some guidelines to use.
Choose a password that is at least six characters long. This should be long enough to discourage a brute-force attack.
In general, a good password will have a mix of lower- and upper-case characters, numbers, and punctuation marks, and should be at least 6 characters long. Unfortunately, passwords like this are often hard to remember and result in people writing them down. Do not write your passwords down!
The license plate rule: take a phrase and try to squeeze it into eight characters, as if you wanted to put it on a vanity license plate.
Some people like to pick several small words, separated by punctuation marks of some kind.
Put a punctuation mark in the middle of a word, e.g., ``vege%tarian''.
Use some unusual way of contracting a word. You don't have to use an apostrophe.
Think of an uncommon phrase, and take the first, second or last letter of each word. ``You can't always get what you want'' would yield ``ycagwyw''. Throw in a capital letter and a punctuation mark or a number or two, and you can end up with ``yCag5wyw''.
Deliberately misspelling one or more words can make your password harder to crack.
Use several of the techniques above.
Something that no one but you would ever think of. The best password is one that is totally random to anyone else except you. It is difficult to tell you how to come up with these, but people are able to do it. Use your imagination!
This is based on http://www.cs.umd.edu/faq/Passwords.shtml, by Joe Sanjour, Andrew Arensburger, Anne Brink.