Passwords

It is essential that you pick a good password for your user account. You might not have anything of any importance on the ISG systems but others do! Any system is as strong as it's weekest link and you are responsible for your account and anything that happens from that account.

To try and encourage people to pick decent passwords ISG has a password complexity policy in force. This policy enforces a minimum number of characters and ensures a mixture of character types.

Policy


		A) Minimum of 6 characters
		B) Not part of your name or username
		C) Must contain at least 3 of the 4 types of character
				1) Upper Case (e.g. ABCDE)
				2) Lower Case (e.g. abcde)
				3) Numbers (e.g. 12345)
				4) Non Alpha Numeric (e.g. !"£$%^&*?)


Even with the Password policy in place it is still possible to pick a rubbish password. In the last hour the password cracker has found 40 passwords in the domain all of which meet the complexity requirements. Some of the discovered passwords look like a reasonable choice but are still to close to dictionary words, others are ridiculous and will have to be changed next time the user logs on.

Selecting a Password

  • The best passwords are not based on real words or are based on very obscure ones. Place names & Sports Teams are sure to be in the dictionary, as are sequences like abcd, 1234 and qwertyuiop
  • Look at the password on your user registration form that you got from the computer centre. This is generated by a program that makes up an imaginary word that is pronouncable but is not real. Very few of these passwords are cracked quickly despite their simplicity.
  • By using something Pronouncable your password is easier to remember
  • Try replacing O's with 0's and I's and L's with 1's or !'s