Password strategies
A weak password provides little protection against malicious attack. Sensible password management can reduce this risk. Passwords should be:
- 10 characters or longer
- a mix of upper and lower case
- a mix of alphabetical, numeric and punctuation symbols
- not someone's name (including your own name, your children's names, your siblings' names, your parents' names, or your pet's name)
- not your birthdate or wedding anniversary
- not your telephone number or email address
- not your home or business address, or any part of it
- not your favourite food, drink, pop star, movie etc
- not a series of consecutive numbers, or any kind of obvious number combination
- not a word in a dictionary
- not used on another service
- not written down (except perhaps in a secure location)
- not easily guessable
- not easily forgettable
- changed every so often
Tricky passwords can be remembered by breaking them up into groups of characters, or making a sentence out of it, with each letter being the first letter of the word. For example: a password of TCITHSOTM is simple to remember - that's The Cat In The Hat Sat On The Mat, of course!