Password security is an important part of protecting the data of
our organization. Current Policy
(CCC, 2004) requires a password to have a minimum of 8
characters and be strong. Changes in technology and the speed with
which passwords can be cracked have led to changes in minimum
password strength recommendations.
The strength of a password is measured by how effective it is at
resisting guesses and brute-force attacks. Password complexity is
one method of creating strong passwords.
We recommend using the 10-4 Rule
Passwords should contain a minimum of 10 characters that are composed of
characters from each of these four groups:
- Uppercase letters (e.g., A, B, C, Y, Z, etc.)
- Lowercase letters (e.g., a, b, c, y, z, etc.)
- Special characters (e.g., !, @, #, $, %, ^, &, etc.)
- Numbers (e.g., 1, 2, 3, 4, 5, etc.)
For example, this is a strong password: "Ird@7HPbk$"
A frequent complaint of users is the inability to remember
passwords. Often users will write them down or store them in a way
that would be considered a security risk. One method to overcome
this challenge is to use a memory technique such as a passphrase.
Using the example, "Ird@7HPbk$"
Try remembering: "I read all 7 Harry Potter
Weak Passwords Contain:
- Dictionary words (e.g., computer, work) or common names (e.g., Betty, Fred,
- Portions of associated account names (e.g., user ID, login name).
- Consecutive character strings (e.g., abcdef, 12345).
- Simple keyboard patterns (e.g., QWERTY, asdfgh).
- Generic passwords (i.e., passwords consisting of a variation of the word
“password” [e.g., P@ssw0rd1]).
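
The 10-4 Rule and the weak-password list above can be enforced at password-change time. The checker below is an added example, not part of the policy itself. Its word list, its set of special characters, and its run lengths (4 characters for account names, 5 for sequences and keyboard patterns) are assumptions chosen for illustration.

```python
import string

# Constructed sample data (assumptions): a real deployment would load a full
# dictionary and name list instead of these few entries taken from the page.
DICTIONARY = {"computer", "work", "betty", "fred"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
SEQUENCES = (string.ascii_lowercase, string.digits)
# Undo common character substitutions so "p@ssw0rd1" reads as "passwordi".
LEET = str.maketrans("@4031!$5", "aaoeiiss")


def has_run(text, sources, length):
    """True if text contains `length` consecutive characters of any source."""
    return any(src[i:i + length] in text
               for src in sources for i in range(len(src) - length + 1))


def check_password(password, user_id=""):
    """Return the list of rule violations; an empty list means it passes."""
    problems = []
    # 10-4 Rule: at least 10 characters, drawn from all four groups.
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    groups = {
        "uppercase letter": str.isupper,
        "lowercase letter": str.islower,
        # Assumption: any ASCII punctuation counts as a special character.
        "special character": lambda c: c in string.punctuation,
        "number": str.isdigit,
    }
    for name, test in groups.items():
        if not any(test(c) for c in password):
            problems.append(f"missing {name}")
    # Weak-password patterns, checked case-insensitively.
    lower = password.lower()
    plain = lower.translate(LEET)
    if any(word in lower or word in plain for word in DICTIONARY):
        problems.append("contains a dictionary word or common name")
    if has_run(lower, (user_id.lower(),), 4):
        problems.append("contains part of the account name")
    if has_run(lower, SEQUENCES, 5):
        problems.append("contains a consecutive character string")
    if has_run(lower, KEYBOARD_ROWS, 5):
        problems.append("contains a keyboard pattern")
    if "password" in plain:
        problems.append("is a variation of the word 'password'")
    return problems
```

A password such as "Qwerty12345!" satisfies the 10-4 Rule on length and character groups yet is still rejected for its sequence and keyboard pattern, which is why both sets of checks are needed.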
Important Dos and Don'ts
- Do not share your passwords
- Avoid writing passwords down
- Change your password if you think it has been compromised
- Use different passwords for all your accounts
- Use a Password Manager