How do I generate "Good" passwords    Do and Don't of Managing Your Password Techniques for Generating "Good" Passwords Do and Don't of Managing Your Password    There are some key points you need to remember to protect yourself and your account. If you take a close look at following "do and don't,", they are basically flat out good common sense. (However, we're living in an era when "good" common sense becomes a rare commodity) Remeber, 99% of security compromise is resulted from careless holes in user's side not from outside hackers. Remember, "security" means preventive proactiveness, and you should never be confused it with "scooping aftermath." NEVER give your password to *ANYONE* The whole purpose of having a password in the first place is to ensure that *NO ONE* other than you can use your account. NEVER write your password down Especially never write your password anywhere near your computer. NEVER let anyone look over your shoulder          when you enter your password "Shoulder surfing" is the most common way that accounts are hacked. Here's a common sense password etiquette you may take a look. NEVER e-mail your password to anyone Sounds so evident however you'd be really surprised to find out how many people completely disregard the security when e-mailing. Remember, your e-mail is by nature a unencrypted, text file that anyone can read if one can get a hold on yours. DO change your password on a regular basis There is no better way to thwart a would-be hacker/cracker than to change your password as often as possible. Your system administrator should be able to tell you your system's recommendation on how often you should change your password, but a good rule of thumb is to change it at least every three to six months. (I do agree with you on that this is such a hassle, however) DON'T pick a password that is found in the dictionary When you set your password, it is encrypted and stored into a file. It is really easy for a "hacker/cracker" to find your password by encrypting every word in the dictionary, and then looking for a match between the words in his encrypted dictionary and your encrypted password. If he finds a match, he has your password and can start using your account at will. NEVER use your user id as your password This is the easiest password to crack. Yet sounds unbelievable, quite number of users are still doing it. If you're one of them, change your password right now! DON'T choose a password that relates to you personally          or that can easily be tied to you Some good examples of BAD passwords are: your name, your wife/husband/sons/daughters' names, your relatives' names, your dogs/cats/pets' names, nicknames, birthdates, license plate numbers, social security numbers, work ID numbers, and telephone numbers. No, this is about neither dealing with an espionage case nor getting "eternally" paranoid. It is just a good common sense! DON'T use passwords that are foreign words The hacker can get a foreign dictionary, and ... DO use a password that is at least . . . eight characters long and that has a mix of letters and numbers. The minimum length of a password should be no shorter than six characters long. NEVER use the same password on different systems or accounts Another common mistake that we all make. Think why you're using a password in the first place. ALWAYS be especially careful when you telnet or rlogin . . . to access another computer over the Net. When you telnet or rlogin, your system sends your password in plain text over the Net. Some crackers have planted programs ("snoopers") on Internet gateways for the purpose of finding and stealing these passwords. If you have to telnet frequently, change your password just as frequently. If you only telnet occasionally, say, for a conference trip out of state/oversea, set up a new password (or even a new account) just for the trip. When you return, change that password (or close out that account). Techniques for Generating "Good" Passwords    Never trust anybody who says "Trust me." Except just this once, of course. - John Varley The best passwords - the ones that are the easiest for you to remember, and the ones that are the hardest for crackers to crack - are passwords that are like those fake words you used to create when you would cram for a test. For example, to remember that "the Law of Demand is the inverse relationship between price and quantity demanded," I created the word tLoDitirbp&qd. No one could hack that as a password. Best of all, it is EASY to remember (well, its easy for an Economist to remember). Here an example for generating good passwords: Sentence Possible password a big fat Pig would have 9 wings abfPwh9w In 1995 we had SNOW in Norfolk I95whSiN he got 12,000 dollars from lottery, NOT! hg12KflN! Sentences are easy to remember, and they make passwords that are nearly impossible to break (and please do NOT use these sample passwords as your own password). If you notice weird things happening with your account: Change your password IMMEDIATELY! Let your system administrator know about it. It is very common for someone, whose account has been hacked, to dismiss the signs as technical problems with the system. If your account has been hacked AND if you don't take any measure immediately, not only will they have access to your personal files - delete all your files, modify important data, read your private correspondence, and send mail out in your name -, it very often puts the security of the entire system at risk.