Choosing a Password
This very short guide was written in February 2004 to educate users of the Kaleton email and FTP services about good password practices. The principles covered equally apply to all circumstances when a password is required, such as when generating encryption keys.
When choosing a password for either your hosting or your email account it is important to make sure it is very difficult for other people to guess or crack. Hackers have access to software that will make repeated attempts to log in to email and FTP accounts using every word in the dictionary as the password. Some of this software can also try words backwards, add numbers to the end, and so on.
To greatly reduce the chances of your account being compromised please bear the following in mind when choosing your password.
- Choose a long password. Your password should be at least eight characters long to be safe from brute force attacks.
- Use a mixture of numbers, upper case and lower case letters. A password made up only of lower case letters is drawn from a much smaller set of combinations, so it can be cracked far more quickly. Instead, throw a few upper case letters and digits in too.
- Do not base your password on words that appear in the dictionary. As mentioned above, hacker tools will attempt to log in to an account trying every word in a dictionary file as the password. Wordlists for this purpose are available on the Internet and some of them are extremely detailed, so don't think that choosing a foreign word or an obscure scientific term will necessarily be safe.
- Do not use personal information. Your password should not be based on information that people can find out such as your girlfriend's name or your date of birth.
- Do not leave your password written down. It is best if you can simply memorise your password and not keep a written copy at all. If you must write it down, at least don't leave it on your office desk or anywhere it can be stolen.
- Change your password regularly. It is a good idea to change your password once every month.
By following these principles you can greatly improve your own security and also avoid putting other users of the network at risk. If somebody compromises your account this can be the first stage of an attack on the whole system. If you want to automatically generate a password that follows the above rules you can use this handy program here.
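As an added example (not part of the original guide), the checker below applies the rules above to a candidate password. The wordlist is a small constructed stand-in for a cracker's dictionary file, and the optional `personal` set of names and dates is an assumption standing in for details about the user that an attacker could look up; the dictionary check applies the same tricks the guide mentions (reversal, digits appended to the end).

```python
import re

# Constructed stand-in for a cracker's wordlist (assumption: a real check
# would load a large dictionary file, one word per line).
WORDLIST = {"password", "letmein", "welcome", "dragon", "monkey", "kaleton"}


def dictionary_variants(candidate: str) -> set[str]:
    """Return the forms a dictionary attack would reduce a candidate to:
    lower-cased, with trailing digits stripped, and each of those reversed."""
    base = candidate.lower()
    stripped = re.sub(r"\d+$", "", base)
    return {base, stripped, base[::-1], stripped[::-1]}


def check_password(candidate: str,
                   wordlist: set[str] = WORDLIST,
                   personal: set[str] = frozenset()) -> list[str]:
    """Check a candidate against the guide's rules and return the rules it
    breaks; an empty list means the candidate passes every check."""
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than eight characters")
    has_mix = (any(c.islower() for c in candidate)
               and any(c.isupper() for c in candidate)
               and any(c.isdigit() for c in candidate))
    if not has_mix:
        problems.append("lacks a mix of upper case, lower case and digits")
    if dictionary_variants(candidate) & wordlist:
        problems.append("dictionary word (possibly reversed or with digits added)")
    lowered = candidate.lower()
    if any(item.lower() in lowered for item in personal):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates and personal details for demonstration.
    me = {"Alice", "1979"}
    for pw in ["Dragon99", "drowssaP1", "Alice1979x", "kitten", "Tr8k-Qm3z!"]:
        print(pw, "->", check_password(pw, personal=me) or "passes")
```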