January 2000

A Good Password Is Hard to Crack, But Easy to Remember

OK, so helping to improve computer security at the Lab didn't top your list of New Year's resolutions. But you can still do your part — just by rethinking your computer password and coming up with a string of letters and numbers that is easy for you to remember, but hard for others to compile.

Berkeley Lab's Computer Protection Program Manager Jim Rothfuss says that the best password is one that makes sense to you (making it easy to remember), but sounds like nonsense to others (making it hard to guess). Rothfuss suggests taking a phrase you like (such as a song lyric or line from a play) and then using the first letter of each word, substituting a number for a letter where appropriate. For example, Hamlet's "To be, or not to be, that is the question" could be 2bon2btitq. The Beatles' "Got to get you into my life" could be G2gUn2ml.

Other suggestions for creating a password include:

  • Use a minimum of eight characters and combine letters and numerals. Use both upper and lower case letters in your password. Adding special characters, such as #, & and $, makes your password even harder to crack.
  • Your password shouldn't be a word found in a dictionary.
  • Don't use your nickname or a word associated with you or your work.
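
The suggestions above can be turned into a self-check that reports which ones a candidate password misses. This is an added example, not code from the article or from Berkeley Lab; the function names and the small word list are assumptions made for illustration, and a real check would load a full dictionary file.

```python
import re

# Constructed sample word list standing in for a real dictionary file (assumption).
SAMPLE_DICTIONARY = {"password", "berkeley", "computer", "security", "question"}


def unmet_suggestions(password, personal_words=(), dictionary=SAMPLE_DICTIONARY):
    """Return the article's suggestions that `password` does not meet."""
    problems = []
    if len(password) < 8:
        problems.append("fewer than eight characters")
    if not re.search(r"[A-Za-z]", password) or not re.search(r"[0-9]", password):
        problems.append("does not combine letters and numerals")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("does not use both upper and lower case")
    lowered = password.lower()
    # Strip leading/trailing digits and symbols so "Password1!" still
    # matches the dictionary entry "password".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if lowered in dictionary or core in dictionary:
        problems.append("is a dictionary word")
    for word in personal_words:
        # Very short personal words would match almost anything; skip them.
        if len(word) >= 3 and word.lower() in lowered:
            problems.append("contains a word associated with you: " + word)
    return problems


def has_special_character(password):
    """Optional extra from the article: special characters such as #, & and $."""
    return any(not c.isalnum() for c in password)


if __name__ == "__main__":
    # The two passwords from the article plus two constructed weak ones.
    samples = [("G2gUn2ml", ()), ("2bon2btitq", ()),
               ("Password1!", ()), ("sparky99", ("Sparky",))]
    for candidate, personal in samples:
        issues = unmet_suggestions(candidate, personal)
        print(candidate, "->", issues if issues else "meets all suggestions")
```
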

"Hackers use a lot of different resources to try to figure out passwords — including foreign dictionaries and directories," Rothfuss said. "The ideal password is one that exists only in your mind."

To make your password even more secure, Rothfuss suggests changing it regularly, such as every three to six months.
