Password Guidelines

From CELS IT Wiki
Jump to: navigation, search

Even when passwords are encrypted, they can be guessed or "cracked", especially when they match a dictionary word or permutation. Here is brief advice for choosing good passwords and avoiding bad passwords.

DOE 205.3 Guidelines

  • Eight (8) non-blank characters
  • A combination of
    • Letters (preferably a mixture of upper and lowercase)
    • Numbers
    • At least one special character in first 7 positions
  • First and last characters must be non-numeric
  • Must not contain your name or username


  • Something easy for you to remember with eight (8) characters
  • An acronym derived from the first letter of each word of your favorite quotation
  • Avoid using simply modified words. Horribly misspell it if you need a word to remember.

Don't Use

  • Any word in a dictionary (or simple permutation)
    • word
    • word followed by digits
    • word followed by digits followed by a single letter
    • digits followed by word
    • single letter followed by digits followed by word
  • Your name in any form -- first, middle, last, maiden, spelled backwards, nickname or initials.
  • Your username, or your username spelled backwards.
  • Your phone or office number, address, birthday, or anniversary.
  • Your license-plate number, your social-security number, or any all numeral password.
  • Any words or names spelled forwards, backwards, or in a foreign language
  • "Hacker" spellings: (eg. 43770 for "hello" or "l33t" for "elite")
  • All digits or all the same letter or letter sequences found on keyboards.
  • Passwords you have used anywhere else, or your previous two passwords here.