PASSWORD STRENGTH
No password will ever be 100% uncrackable. Given enough time and computing resources, a hacker can eventually crack any
password. The trick is to use passwords that would tie up a hacker’s time and computers for so long that it would
make the cracking effort not worthwhile.
So, what makes a good password? A strong password will employ all of the following elements:
- LENGTH – A password’s length is the single most important element for security.
The longer the password, the stronger it is. PSC requires a minimum password length of 8 characters. In general, a
10-character password of any complexity will be very hard to crack, and a password of 15 characters or more of any
complexity will be all but uncrackable. Increasing your password’s length from 8 characters to 10 characters will
require an average of 5,476 times more work to crack.
- COMPLEXITY – PSC requires that passwords contain at least three of the following four
character types: upper case letters, lower case letters, numbers and non-alphanumeric symbols (e.g. %, @, etc.).
The more variety of characters in a password, the harder it will be to crack.
- NO IDENTIFIERS – PSC will not allow you to use your username as your password. In
addition, you should avoid common default passwords, letter or number sequences and dictionary words, including words
with simple numeric substitutions (e.g. substituting zero for the letter o or 1 for the letter l).
- UNRELATED – Avoid using anything personally attached to you such as address, birth
date, phone number, spouse’s name, pet’s name, license plate number, nicknames, initials, your member
number, etc.
- CHANGED PERIODICALLY – Consider changing your password on a periodic basis (perhaps
quarterly). Although PSC does not enforce this, changing your password shortens the window available to the hacker
to crack your password.
EXAMPLES OF WEAK PASSWORDS
- Common default passwords such as “default”, “guest”, “password”, “admin”
or “root”.
- Simple keyboard sequences such as “12345678”, “qwertyui” or “abcdefgh”.
- Well known numbers such as “31415926” (pi).
- Spelling words or names backwards such as “drowssap” (password) or “htimSeoJ” (JoeSmith).
- Dictionary words such as “PghSkier” or “MogleMan”.
- Dictionary words with numbers such as “Kevin123” or “Password03”.
- Dictionary words with character substitutions such as “Bi11J0nes” or “P@ssw0rd”.
- Things that can be linked to you such as “MemNum090336” or “412-555-6789”.
EXAMPLES OF ACCEPTABLE PASSWORDS
- 6G#ps!V2 – Completely random and containing upper and lower case letters, numbers and punctuation.
- MfTVsi24! – Constructed from the easily memorized sentence “My favorite TV show is 24!”
- 4S&7yaOf – Constructed from part of the well known quote “Four score and seven years ago our forefathers…”
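
The rules above can be written as a checker and run against the weak and acceptable examples listed on this page. This is an added example, not PSC's own code; the small word list, the 4-character sequence threshold, the "@" for "a" substitution and the `personal` parameter are assumptions made for illustration.

```python
import string

# Constructed sample blocklist; a real check would load a large dictionary / breached-password list.
COMMON_WORDS = {"password", "default", "guest", "admin", "root", "kevin"}
# Sequences of the kind the page names, extended to full rows (assumption).
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Substitutions the page mentions (0 for o, 1 for l) plus '@' for 'a' as in "P@ssw0rd" (assumption).
LEET = str.maketrans({"0": "o", "1": "l", "@": "a"})
MIN_LENGTH = 8  # PSC minimum stated on the page
SEQ_RUN = 4     # assumption: flag any run of 4+ consecutive sequence characters


def char_types(pw):
    """Count how many of the four character types appear in pw."""
    return sum([
        any(c in string.ascii_uppercase for c in pw),
        any(c in string.ascii_lowercase for c in pw),
        any(c in string.digits for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def has_sequence(text):
    """True if text contains SEQ_RUN consecutive characters from a known sequence."""
    return any(seq[i:i + SEQ_RUN] in text
               for seq in SEQUENCES
               for i in range(len(seq) - SEQ_RUN + 1))


def check_password(pw, username, personal=()):
    """Return the names of the rules pw violates; an empty list means acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("length")
    if char_types(pw) < 3:  # at least three of the four character types
        problems.append("complexity")
    lower = pw.lower()
    # Compare plain, de-substituted and reversed forms against the word list.
    forms = {lower, lower.translate(LEET)}
    forms |= {f[::-1] for f in forms}
    if lower == username.lower():
        problems.append("username")
    if any(w in f for w in COMMON_WORDS for f in forms):
        problems.append("dictionary")
    if has_sequence(lower):
        problems.append("sequence")
    # 'personal' holds strings linked to the user (member number, phone, ...).
    if any(p.lower() in lower for p in personal if p):
        problems.append("personal")
    return problems
```

Passwords such as “Kevin123” or “P@ssw0rd” satisfy the length and complexity rules and are rejected only by the word-list check, which is why that check needs a much larger list than the sample one here.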