Password Guidelines

Even when passwords are encrypted, they can be guessed or "cracked", especially when they match a dictionary word or permutation. Here is brief advice for choosing good passwords and avoiding bad passwords.

DOE 205.3 Guidelines

• Eight (8) non-blank characters
• A combination of
  • Letters (preferably a mixture of upper and lowercase)
  • Numbers
  • At least one special character in first 7 positions
• First and last characters must be non-numeric
• Must not contain your name or username

Use

• Something easy for you to remember with eight (8) characters
• An acronym derived from the first letter of each word of your favorite quotation
• Avoid using simply modified words. Horribly misspell it if you need a word to remember.

Don't Use

• Any word in a dictionary (or simple permutation)
  • word
  • word followed by digits
  • word followed by digits followed by a single letter
  • digits followed by word
  • single letter followed by digits followed by word
• Your name in any form -- first, middle, last, maiden, spelled backwards, nickname or initials.
• Your username, or your username spelled backwards.
• Your phone or office number, address, birthday, or anniversary.
• Your license-plate number, your social-security number, or any all numeral password.
• Any words or names spelled forwards, backwards, or in a foreign language
• "Hacker" spellings: (eg. 43770 for "hello" or "l33t" for "elite")
• All digits or all the same letter or letter sequences found on keyboards.
• Passwords you have used anywhere else, or your previous two passwords here.