Computing Services
Computer Password Selection Policy
May 10, 2000
Purpose
This policy provides guidelines for developing secure passwords.
Why do we Need Password Security?
One reason computers are so useful is that they can be programmed to quickly perform repetitive tasks that would be far too tedious and time-consuming for a human to do manually. One application of this is the task of guessing another person's computer password. Typed manually, each guess takes a few seconds, but even a relatively small computer can test hundreds of guesses per second.
At 500 guesses per second, it would still take over 4 million years to try all of the 72 quadrillion possible valid UNIX passwords, but a person is much more likely to have a password like "debbie" than a password like "f%GX32u[". With a little logic, and a few assumptions about human nature, it is possible to write a program that keeps the number of guesses down to a manageable level.
How to Create More Secure Passwords
Many such programs have been written and are freely available. Here are a few rules to follow so that such a program cannot easily guess your password.
Your password should not consist solely of a word in the dictionary (school, campaign) or the name of a person or place (mary, texas). You may base your password on a word or a name, but you should add some numbers and/or punctuation. Do not just put one extra character at the beginning or the end (4mary, mary6, texas!). Avoid obvious replacements: s with $ (texa$); o with 0 (sch00l); i or l with 1 (campa1gn); e with 3; a with 2 or 4; or h with 4.
Other common tactics password-guessing programs try are reversing words (yram), duplicating (marymary) or reflecting (maryyram) short words, trying all the above while playing games with upper or lower case (MARY, Yram, yraM, MaryyraM, etc.), making words plural, past tense, etc., and removing the vowels. Including any form of your own login name or real name in the password is also not a good idea.
It is not that hard to pick a password that is easy to remember but difficult to guess. Combinations of words (lovemary, gotexas) are generally safe, and piecing together parts of words is even better (vactime, for vacation time). It is also not practical for password-guessing programs to test multiple-digit numbers (mary358) or weird combinations of upper/lower case (tExAs). Another good way to make a hard-to-guess password is to make up a sentence and then use the first letter of each word (e.g. type ittpanp while thinking "It's time to pick a new password").
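The checker below is an added illustration, not part of the original policy: it turns the guessing tactics listed above (single added character, obvious substitutions, reversing, duplicating, reflecting, case games, plural and past tense, vowel removal, login or real name) into rules, builds the set of guesses a mangling program would reach from a small wordlist, and rejects any password in that set. The wordlist and the login name "jdoe" are constructed stand-ins for a real dictionary and a real account; the weak examples and the safe examples (lovemary, gotexas, vactime, mary358, tExAs, ittpanp) are the policy's own.

```python
"""Reject passwords that the mangling tactics listed in the policy would reach."""
import itertools

# Constructed stand-in for a dictionary plus the user's login and real name.
WORDLIST = ["school", "campaign", "mary", "texas", "love", "vacation",
            "time", "go", "jdoe", "doe"]

# The obvious replacements the policy names (a may become 2 or 4).
LEET = {"s": ["$"], "o": ["0"], "i": ["1"], "l": ["1"],
        "e": ["3"], "a": ["2", "4"], "h": ["4"]}


def shape_variants(word):
    """Reverse, duplicate, reflect, pluralise, past-tense and drop vowels."""
    rev = word[::-1]
    yield word
    yield rev                    # yram
    yield word + word            # marymary
    yield word + rev             # maryyram
    yield rev + word
    for suffix in ("s", "es", "d", "ed"):
        yield word + suffix
    yield "".join(c for c in word if c not in "aeiou")


def case_variants(word):
    """Case games a guesser tries: MARY, Mary, marY, MarY."""
    if not word:
        return
    yield word
    yield word.upper()
    if len(word) >= 2:
        yield word.capitalize()
        yield word[:-1] + word[-1].upper()
        yield word[0].upper() + word[1:-1] + word[-1].upper()


def leet_variants(word):
    """Every combination of the listed character substitutions."""
    options = [[c] + LEET.get(c, []) for c in word]
    for combo in itertools.product(*options):
        yield "".join(combo)


def guess_set(words):
    """All guesses a mangling program would derive from the wordlist."""
    guesses = set()
    for w in words:
        for shaped in shape_variants(w.lower()):
            for cased in case_variants(shaped):
                guesses.update(leet_variants(cased))
    return guesses


def is_weak(password, guesses):
    """True if the password, or the password minus one leading or trailing
    character (4mary, mary6, texas!), is a guess the program would try."""
    candidates = {password}
    if len(password) > 1:
        candidates.add(password[1:])
        candidates.add(password[:-1])
    return any(c in guesses for c in candidates)


def classify(passwords, words=WORDLIST):
    """Map each candidate password to 'weak' or 'ok'."""
    guesses = guess_set(words)
    return {p: ("weak" if is_weak(p, guesses) else "ok") for p in passwords}


if __name__ == "__main__":
    samples = ["mary", "4mary", "texas!", "texa$", "sch00l", "campa1gn",
               "yram", "MaryyraM", "mry", "jdoe",
               "lovemary", "gotexas", "vactime", "mary358", "tExAs", "ittpanp"]
    for pw, verdict in classify(samples).items():
        print(f"{pw:10s} {verdict}")
```

Because the substitution, case and shape rules are applied to every dictionary word up front, the check is a set lookup per password; a real deployment would feed it the system dictionary and the account's login and name fields instead of the constructed list.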
Page Managed by Mona Hutchison