- DO NOT choose any part of your name, or student number or other information about you that is recorded in the computer.
- DO NOT choose first or last names, even if they belong to imaginary people.
- DO NOT choose any word that can be found in any dictionary.
- DO NOT choose a run of characters from the keyboard; qwerty is NOT a secure password!
- DO NOT choose any of the above spelt backwards, or with unusual case, or repeated (like wordword), or with an extra character added. These are the most obvious things to guess and a computer can generate and check several thousand variations of your name in a few seconds.
Obviously you need to be able to remember whatever password you choose, so just choosing a random string of characters is not necessarily the best approach. One good approach is to choose one or two words that you can remember, and then distort them in some way that is hard to guess. Below are some ideas for distortions. It is a good idea to have more than one distortion as this dramatically increases the time that a computer search would require to have any hope of guessing your password.
Loc Van Huynh 2007-03-15