When creating a strong password, it is a good idea to follow the guidelines below:
Do not do the following:
- Don't just use words or numbers - You should never use only letters or only numbers in a password. Some insecure examples include:
  - 8675309
  - Juan
  - catch me
- Don't use recognizable words - Words such as proper names, dictionary words, or even terms from TV shows or novels should be avoided, even if they end with numbers. Some unsafe examples include:
  - john1
  - DS-9
  - mentat123
- Do not use words in foreign languages - Password-cracking programs often check against word lists that span dictionaries in many languages, so relying on a foreign language to secure a password is not safe. Some insecure examples include:
  - Che Guevara
  - welcome1
  - 1dumbKopf
- Don't use hacker terminology - If you think you are elite because you use hacker terminology - also called l337 (LEET) speak - in your password, think again. Many word lists include LEET terms. Some unsafe examples include:
  - H4X0R
  - 1337
- Do not use personal information - If an attacker knows who you are, guessing your password becomes even easier. Avoid the following kinds of information when creating a password:
  - Your name
  - The names of your pets
  - The names of your family members
  - Birth dates
  - Your phone number or zip code
- Don't invert recognizable words - Good password checkers always try common words reversed as well, so reversing a bad password does not make it any more secure. Some insecure examples include:
  - R0X4H
  - nauj
  - 9-DS
- Do not write down your password - Never keep your password on paper. It is much safer to memorize it.
- Do not use the same password for all machines - It is important to have a separate password for each machine. That way, if one system is compromised, not all of your machines are in immediate danger.
Do the following:
- Create passwords of at least eight characters - The longer the password, the better. If you are using MD5 passwords, they should be 15 characters long or more. With DES passwords, use the maximum length (eight characters).
- Mix uppercase and lowercase letters - cPanel is case sensitive, so mix the letters to strengthen your password.
- Mix letters and numbers - Adding numbers to passwords, especially in the middle (not just at the beginning or the end), can improve the strength of your password.
- Include non-alphanumeric characters - Special characters such as &, $, and > can greatly enhance your password (this is not possible if you are using DES passwords).
- Select a password that you can remember - The best password in the world is of little use if you can't remember it, so use acronyms or other mnemonic devices to help you memorize passwords.
With all these rules, it can seem difficult to create a password that meets all these requirements for good passwords while avoiding the traits of bad ones. Fortunately, there are a few steps one can take to generate a strong, memorable password.
Methodology for creating strong passwords
There are many methods that people use to create strong passwords. One of the most popular involves acronyms. For instance:
- Think of a memorable phrase, such as: "It is easier to believe than to think critically."
- Then turn it into an acronym (including the punctuation): emfcqpcec. (The acronym shown was formed from the phrase in the original language of this text, so its letters do not match the English wording.)
- Add some complexity by substituting numbers and symbols for letters in the acronym. For example, substitute 7 for e and the at symbol (@) for c: 7mf@qp@7@.
- Add a little more complexity by capitalizing at least one letter, such as M: 7Mf@qp@7@.
- Lastly, do not use this example password on any of your systems.
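As an added example, not part of the original guidelines, the Python checker below applies the rules above (length, character mix, dictionary words, LEET spellings, reversed words, personal information) to the passwords listed on this page. WORDLIST and PERSONAL are constructed stand-ins for a cracker word list and one user's details, and the LEET table is an assumed set of common substitutions.

```python
import string

# Constructed stand-in for a cracker word list: names, dictionary words,
# foreign words, fiction references and LEET terms, as the rules above warn.
WORDLIST = {"juan", "john", "mentat", "dumbkopf", "kopf", "welcome", "che",
            "guevara", "haxor", "leet", "catch", "me", "ds"}
# Constructed personal details for the hypothetical user being checked.
PERSONAL = {"juan", "rex", "maria", "19900314", "5551234", "90210"}
# Assumed common LEET substitutions, decoded back to letters.
LEET = str.maketrans("43107$@!", "aeiotsai")


def _stems(pw: str) -> set:
    """Forms a cracker would try: lowercased, LEET-decoded, with digits and
    symbols stripped, split on spaces, and each of those reversed."""
    low = pw.lower()
    forms = {low, low.translate(LEET)}
    forms |= {"".join(ch for ch in f if ch.isalpha()) for f in list(forms)}
    forms |= {w for f in list(forms) for w in f.split()}
    forms |= {f[::-1] for f in list(forms)}
    return {f for f in forms if f}


def check_password(pw: str, personal=PERSONAL) -> list:
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if pw.isdigit() or pw.isalpha():
        problems.append("only letters or only numbers")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of upper and lower case")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(c in string.punctuation for c in pw):
        problems.append("no non-alphanumeric characters")
    stems = _stems(pw)
    if stems & WORDLIST:
        problems.append("recognisable word (possibly LEET or reversed)")
    if stems & {p.lower() for p in personal}:
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    for candidate in ["8675309", "Juan", "catch me", "mentat123", "1dumbKopf",
                      "H4X0R", "R0X4H", "nauj", "7Mf@qp@7@."]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```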
While creating strong passwords is imperative, managing them properly is also important, especially for system administrators within large organizations. The next section details good habits in creating and managing user passwords within an organization.
Creation of user accounts within the organization
If there are a significant number of users within an organization, system administrators have two basic options for enforcing the use of good passwords: they can create passwords for users, or they can let users create their own passwords while verifying that those passwords are of acceptable quality.
Creating passwords for users ensures that the passwords are good, but it becomes a tiring task as the organization grows. It also increases the risk of users writing their passwords on paper.
For these reasons, most sysadmins prefer to let users create their own passwords, but they actively verify that passwords are good and, in some cases, force users to periodically change them by expiring them.