Basic password selection rules
Passwords must be:
Password must NOT be:
- All uppercase or all lowercase. (Examples: ivyleague, IVYLEAGUE, and jklasdf are not valid passwords.)
- Your PennKey username; your first, middle, or last name; or any variation thereof.
- Based on a dictionary word.
- "Dictionary" does not simply mean a standard English language dictionary — it also includes foreign language dictionaries and all kinds of specialized dictionaries that hackers use to crack passwords.
- Embedding a number or case-shift within a word does not make a valid password. Systematic password guessing attacks are sophisticated and will routinely 'crack' such passwords. (Examples: time2go, big$deal, ivyLeague, 2morrow, money$, and Ivyleague are not valid passwords.
- Composed of all numbers. Embedding decimal points, minus signs, or plus signs within a number does not make a valid password. (Example: 1-609-555-1212 is not a valid password.)
Selecting a Strong Password
- Think of a phrase that has special meaning only to you, or conversely that no one would suspect would have any meaning to you:
Chester Arthur was the twenty-first President of the United States!
- Take the first letter of each word (maintaining case) to "assemble" your password:
This is a pretty strong password, and not hard to remember if you keep the source prhase in mind. You can make it even stronger by including the punctuation and "tweaking" it a little:
Of course, since that password is published here, don't use it as your password! For additional guidance, see Managing Passwords and Passphrases.
Information Systems and Computing, University of Pennsylvania