Use a password with mixed-case letters. Do not just
capitalize the first letter; add uppercase letters elsewhere
in the password.
Use a password that contains alphanumeric characters and
includes punctuation, where supported by the operating
system.
Use at least 7 characters in a password.
Use a password that can be typed quickly, without having
to look at the keyboard. This makes it harder for someone to
steal your password by looking at your keyboard (also known
as "shoulder surfing").
Change passwords regularly. The more critical an account
to network integrity (such as root on a Unix host or
Administrator on Windows NT), the more frequently the
password should be changed. Changing the password cuts off
continued access for someone who has already compromised the
account.
DO NOT
Use a network login ID in any form (reversed,
capitalized, doubled) as a password.
Use your first, middle or last name in any form. Do not
use your initials or any nicknames you may have.
Use a word contained in English or foreign dictionaries,
spelling lists, or other word lists.
Use other information easily obtained about you. This
includes pet names, license plate numbers, telephone
numbers, identification numbers, the brand of your
automobile, the name of the street you live on, and so on.
Such passwords are very easily guessed by someone who knows
the user.
Use a password of all numbers, or a password composed only
of alphabetic characters. Mix numbers and letters.
Write a password on sticky notes, desk blotters,
calendars, or store it online where it can be accessed by
others.
Reveal a password to anyone.
Use shared accounts. Accountability for group access is
extremely difficult to establish.
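
An added example, not part of the original list: a Python check for the rules above that can be tested mechanically (length, mixed case, numbers and letters, punctuation, login ID forms, names, word lists). The function names, the sample word list and the inputs are constructed for illustration.

```python
import string

# Constructed sample word list; a real check would load full dictionaries.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine"}


def login_variants(login):
    """Forms of the login ID the list rules out: plain, reversed, doubled.
    Comparison is done in lowercase, which also covers capitalized forms."""
    base = login.lower()
    return {base, base[::-1], base + base}


def check_password(password, login, names=(), words=SAMPLE_WORDS,
                   require_punctuation=True):
    """Return the list of rules the password breaks (empty list = passes).

    names: first, middle, last names and nicknames supplied by the caller.
    require_punctuation: set False where the operating system lacks support.
    """
    problems = []
    lowered = password.lower()
    if len(password) < 7:
        problems.append("shorter than 7 characters")
    # Uppercase must appear somewhere other than only the first position.
    if not any(c.isupper() for c in password[1:]):
        problems.append("no uppercase letter beyond the first character")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    # Covers all-number and all-letter passwords in one test.
    if not (any(c.isdigit() for c in password)
            and any(c.isalpha() for c in password)):
        problems.append("does not mix numbers and letters")
    if require_punctuation and not any(c in string.punctuation
                                       for c in password):
        problems.append("no punctuation")
    if lowered in login_variants(login):
        problems.append("derived from login ID")
    if any(n and (n.lower() in lowered or n.lower()[::-1] in lowered)
           for n in names):
        problems.append("contains a name or nickname")
    if lowered in words or lowered[::-1] in words:
        problems.append("dictionary word")
    return problems
```

Rules that depend on user behaviour (changing passwords regularly, not writing them down, not sharing accounts) cannot be checked this way and still need policy and auditing.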