Choosing a password

How to choose your new password*

Good passwords have the following characteristics:

  • They have both uppercase and lowercase letters
  • They have digits or punctuation as well as letters
  • They are at least ten characters long
  • They can be typed quickly, so somebody cannot determine what you type by watching over your shoulder
  • They are not solely made up of:
    • Anybody's name
    • Any information relating to you or anybody else (birthday, NI number, car registration, star sign, etc.)
    • A word found in a dictionary in any language
    • Any of these spelt backwards
    • Any of these followed or prepended by a single digit

It is easy to pick a good password. Here are some suggestions:

  • Take two short words and combine them with a special character or a number, like Robot4fun! or blue-m0nkey.
  • Put together an acronym that's special to you, like N0tfsw4vl! (None Of This Fancy Stuff Works For Very Long!), auP3GCot2w (All Unix programmers eat green cheese on the 2nd Wednesday), or Ttl*HiwwUR (Twinkle, twinkle, little star. How I wonder what you are...).

Of course, all the above are now bad passwords, because they are listed here.

Please note that the following characters are allowed, and passwords must have at least three out of the four different types:

  • A - Z
  • a - z
  • 0 - 9
  • @ # $ % ^ & * - _ ! + = [ ] { } | \ : ' , . ? / ` ~ " ( ) ;

* Adapted from Web Security, Privacy & Commerce 2nd edition, by Simson Garfinkel, O'Reilly 2002.