How to Pick a “Good” Password
It's important to pick a secure password. If your account gets compromised, it could expose your personal data, and that of other users, to the world.
A good password is:
- Private: it is used and known by one person only.
- Secret: it does not appear in clear text in any file or program or on a piece of paper stuck to the monitor.
- Easily remembered: there is no need to write it down, yet it is not guessable by any password-cracking program in a reasonable time.
- High in entropy: this makes it difficult for computers to guess.
There are a number of ways to meet the last criterion:
- You can increase the character set
  - Use both upper and lower case letters
  - Use numbers
  - Include non-alphanumeric characters
- And you can increase the length
  - Combine multiple words in plain language
  - Pass-phrases are easier to remember, and harder to guess, but can also be harder to type.
We do not currently enforce strength or entropy requirements for choosing passwords, but we require that your password be at least 12 characters long. Below are some suggestions to keep in mind.
- Avoid passwords that are made up of a single word or name in any language. If it is in a dictionary or a book then anyone trying to guess your password can find it.
- Consider adding simple letter or number swaps (e.g., zeros for o’s).
- Consider adding numbers.
- Avoid your login name in any form (as-is, reversed, capitalized, doubled, etc.).
- Avoid adding any personal, easily found information about yourself (pet's name, street name, birthday, etc.).
- Avoid a password of all digits, or all the same letter. This significantly decreases the search time for password cracking software.
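The suggestions above can be checked mechanically. The following Python sketch is an added example, not part of the original page or the site's own code; the function names and the 95-character printable-ASCII pool are assumptions. The entropy figure is an upper bound that only holds when characters are chosen at random.

```python
import math
import string

MIN_LENGTH = 12  # minimum length stated on this page

def pool_size(password):
    """Size of the character set the password draws from (ASCII assumed)."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += len(string.punctuation) + 1  # 32 symbols plus the space
    return size

def entropy_bits(password):
    """Upper bound in bits: length * log2(pool size)."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def check_password(password, login):
    """Return the suggestions from this page that the password violates."""
    problems = []
    lowered, name = password.lower(), login.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if password.isdigit():
        problems.append("all digits")
    if len(set(lowered)) == 1:
        problems.append("all the same letter")
    # Lower-casing plus substring search covers the login name as-is,
    # capitalized and doubled; the reversed form is checked separately.
    if name and (name in lowered or name[::-1] in lowered):
        problems.append("contains login name")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("123456789012", "ecilAecilA99", "correct horse battery staple"):
        print(f"{pw!r}: {entropy_bits(pw):.1f} bits max,",
              check_password(pw, "alice") or "no issues found")
```

A twelve-digit password tops out near 40 bits, while twelve characters drawn from the full 95-character pool reach about 79 bits, which is why both the character set and the length matter.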