DIGITAL SECURITY GUIDE

information that one could easily discover about you from such sources as searching the internet.
• Do not choose a password that is a word (English or otherwise), proper name, name of a TV show,
keyboard sequence, or anything else that one would expect a clever person to put in a "dictionary" of
passwords.
• Do not choose a password that is a simple transformation of a word, such as putting a punctuation mark
at the beginning or end of a word, converting the letter "l" to the digit "1", writing a word backwards, etc.
For example, "password,123" is not a good password, since adding ",123" is a common, simple transformation of a word.
• Do not choose passwords fewer than 8 characters long or that are made up solely of numbers or letters.
Use letters of different cases, mixtures of digits and letters, and/or non-alphanumeric characters.
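The rules above expressed as an automated check, as an added example that is not part of the original guide. The wordlist is a small constructed sample, and the substitution map is an assumption that extends the "l" to "1" case the guide mentions.

```python
import string

# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"password", "wisconsin", "august", "brick", "qwerty"}

# Undo common character substitutions such as "l" -> "1" (assumed mapping).
UNLEET = str.maketrans({"1": "l", "0": "o", "3": "e", "$": "s", "@": "a"})


def candidate_roots(password):
    """Yield the words a password might be a simple transformation of."""
    lowered = password.lower()
    # Remove punctuation, digits and spaces added at the beginning or end.
    stripped = lowered.strip(string.punctuation + string.digits + " ")
    for form in (lowered, stripped):
        for variant in (form, form.translate(UNLEET)):
            yield variant
            yield variant[::-1]  # word written backwards


def check_password(password):
    """Return the list of rules from the guide that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if password.isdigit() or password.isalpha():
        problems.append("made up solely of numbers or letters")
    if any(root in WORDLIST for root in candidate_roots(password)):
        problems.append("dictionary word or simple transformation of one")
    return problems
```

An empty list means only that none of these specific rules was broken, not that the password is strong.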
Methods for choosing passwords
The single best method for generating passwords is to do the following:
1. Make up a sentence you can easily remember. Some examples:
I have two kids: Jack and Jill.
I like to eat Dave & Andy's ice cream.
No, the capital of Wisconsin isn't Cheeseopolis!
2. Now take the first letter of every word in the sentence, and include the punctuation. You can throw in
extra punctuation, or turn numbers into digits for variety. The above sentences would become:
Ih2k:JaJ.
IlteD&A'ic.
N,tcoWi'C!
As you can see, the passwords generated by this method can be fairly secure, but are easy to remember if the
sentence you pick is one that is easy for you to remember. In cases where an application allows long passwords,
you could possibly use the entire phrase as your "password".
Please don't use one of the sentences above to generate your password.
Another password selection method
If you don't wish to use the above method, the following method also generates "reasonably secure" passwords
(though not quite as good as the method above) that may be easier to remember:
1. Choose two or more unrelated words such as:
• unix & fun
• book & goat
• august & brick
2. Join the words with a non-alphabetic character or two.
3. Make at least one change (for example, uppercase a letter or add another character) to one or more of the
words (preferably not just at the very beginning or end of the password).
Some example passwords generated using this method:
• unix+PhUn
• bo!ok29goat
• august,=bRICK
Please don't use one of the passwords above.
How long should my password be?
In general, the longer a password is, the harder it is for somebody to guess or brute-force it. Password selection
trades off security with convenience and the ability to remember it. Eight characters should be the absolute
minimum length. SCS Kerberos passwords may be of practically unlimited length (the limit is at least several hundred
characters). Windows 2000 and Windows XP support a maximum password length of 127 characters. There are a
few cases where you might run into password length limitations:
• Some older Unix systems may only support passwords up to 8 characters, or ignore any letters after the
first 8. This should not be a limitation if you log in with your Kerberos password to Facilitized SCS hosts.
• Some applications for reading e-mail via POP may have trouble with long (greater than 8 character)
passwords. This should only affect your choice of a .mail Kerberos instance password, not your main
