Password Use and Selection

There are a variety of ways of protecting the data in any system. Controlling who has access to the data is the first, closely followed by controlling where and how the data is stored, then by controlling when and how the data can be modified.

Computerised data systems often employ all of these controls, but providing access control through the use of passwords is the most common. Passwords are sequences of letters, numbers, and special characters which act as keys to give individual users access to computer services such as electronic mail.

Unfortunately, passwords, like bankcard PIN codes, are inherently unsafe. Even if the password has been properly selected, it still runs a risk of being stolen or otherwise lost and misused. Anyone who discovers your password has access to anything you have access to on the computer system.

It is important, therefore, to select a password carefully, update it regularly, protect it as well as you can, and notify the proper authorities (usually your system manager) when you suspect that it has been compromised or lost.

Preventing loss

Preventing someone else gaining access to your accounts via your password is basically a matter of using common sense:
  • Choose your password sensibly (see below) and change it regularly, preferably at least every month
  • Do not write your password down in a recognisable form
  • Do not let anyone see what you are typing as you enter your password
  • Do not give anyone else access to your account and, if you must, change your password immediately after the abnormal access is completed
  • Report any suspicious or abnormal operating circumstances to your system operator

Selecting a Password

  • Use a combination of letters and digits (a-z, 0-9) and special characters such as @#$%^&*()_, etc. If alphabetic characters are case sensitive on your system (upper and lower case letters are considered to be different), you should use a combination of upper and lower case letters plus the other characters.
  • The password should be easy to remember (you should not have to write it down), at least six characters long (note that some systems ignore anything more than 8 characters), and quick to type, so that people will find it hard to guess your password by watching you type it in.
  • Use combinations of words with punctuation marks separating them, uncommon phrase acronyms, or lines from a song. These should be easy to remember, but hard to guess (e.g. ev_re.1 sounds like everyone).
  • Avoid anything which can be easily guessed about you (names, dates, etc.)
  • Avoid words which can be found in a dictionary (any language)
  • Never use the same password twice, and never use an easily guessed sequence such that someone would know your current password if they knew an old password
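
The selection rules above, written as an added example that is not part of the original page: a Python checker that judges only the first 8 characters, as a system that ignores the rest would. The function names, result codes and sample word list are assumptions made for illustration, and the case check assumes a case-sensitive system.

```python
import re

MIN_LENGTH = 6     # minimum length given on the page
TRUNCATE_AT = 8    # the page notes some systems ignore anything past 8 characters
# Constructed sample word list; a real check would load full dictionaries.
SAMPLE_WORDS = {"password", "everyone", "welcome", "dragon"}


def effective(password, truncate_at=TRUNCATE_AT):
    """Return the prefix that a truncating system actually compares."""
    return password[:truncate_at]


def strip_digits(text):
    """Remove digits so passwords differing only by a number compare equal."""
    return re.sub(r"[0-9]", "", text)


def check_password(password, old_passwords=(), personal=(), words=SAMPLE_WORDS):
    """Return rule-violation codes; an empty list means every rule passed."""
    eff = effective(password)
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    # Assumes a case-sensitive system, so both cases are expected.
    if not (re.search(r"[a-z]", eff) and re.search(r"[A-Z]", eff)):
        problems.append("case")
    if not re.search(r"[0-9]", eff):
        problems.append("digit")
    if not re.search(r"[^A-Za-z0-9]", eff):
        problems.append("special")
    # Dictionary check ignores case and any non-letter decoration.
    if re.sub(r"[^a-z]", "", eff.lower()) in words:
        problems.append("dictionary")
    if any(item.lower() in eff.lower() for item in personal if item):
        problems.append("personal")
    for old in old_passwords:
        if effective(old) == eff:
            problems.append("reuse")       # identical once truncated
        elif strip_digits(effective(old)) == strip_digits(eff):
            problems.append("sequence")    # only the number changed
    return problems


if __name__ == "__main__":
    for candidate in ("Eag.Rok2", "Eagl_Rok2", "Password1!"):
        print(candidate, check_password(candidate) or "ok")
    print("Hot.Cal3", check_password("Hot.Cal3", old_passwords=["Hot.Cal2"]))
```

On a system that truncates at 8 characters, a nine-character password such as Eagl_Rok2 is compared as Eagl_Rok, so a digit added as a suffix is not counted.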

Very simple methods have been found for thinking up passwords. Numeric characters can be somewhat difficult to include, but a special number can be used to prefix or suffix a password. For example, if you are in your twenties, you could put a 2 before or after your password (unless you are trying to forget how old you are). Some other methods include:

  • A song line (Everybody knows the dice are loaded can become Ektdal2)
  • A song title (Eagle Rock could become Eagl_Rok2 or Eag.Rok2)
  • An album title (Hotel California could become Hot.Cal2)

The list of possibilities is endless: Book Titles, Authors, Rock Stars etc.

These methods often result in a password which is easy to remember. If you use the author of a book, all you have to do is have the book in a certain place on your shelf. You could even put a post-it note on the spine without writing on it so you know which book it is. The same method can be used with albums or even the title of a newspaper article on your wall.

 

Have a question? Call the IITS Helpline, (514) 848-7613, help@concordia.ca



Author: Geoff Selig
Maintained by: IITS Helpline
© Concordia University
Last updated: 17-Jul-00 11:10 AM