Choosing and Protecting a Password
This is not a guide to choosing the best password in the world and protecting it like it's your PIN or your life. We realize that if you had to pick unique, extra-long, extra-strong passwords for all the systems you use, change them very regularly, and never write them down, you'd go insane. But that's no excuse for using the name of your dog, 'password', or a string of expletives with a 1 on the end.
If anything in this document is unclear, or it takes you more than a few minutes to read it, digest it, and come up with a good new password, let us know, as it obviously needs to be made simpler.
Most people are aware of the most obvious choices of password to avoid (if you are using the names of any of your family, please change your password now!).
However, because of the availability of automated password-cracking programs, you should also avoid the following:
- Any word which appears in a dictionary (including highly technical words from your own discipline.)
- Common first names, your surname, names of pets and literary characters, dates of birth.
- Your editor name or car registration number.
- Passwords of fewer than eight characters (shorter passwords are easier to crack.)
- Any dictionary word slightly modified (e.g. by adding a number to the end, or changing l to 1.)
- Simple sequences such as QWERTY, LETMEIN, the name of your department or group, or an obvious name spelled backwards.
A recommended technique for choosing passwords which are hard to crack but possible to remember is:
- Choose a short sentence or phrase which makes sense to you (but is not a common saying or proverb), use its initial letters and insert a number or punctuation (preferably both) somewhere in the string. Note that you can mix upper and lower case to make any passwords harder to crack.
- For passwords, Curlie requires a minimum of eight (8) characters and a maximum of 16 characters, at least one (1) letter, and at least one (1) non-letter character (this can be a numeral or any ASCII special character).
If you have an 8-16 character password which contains at least three of upper case, lower case, numbers and special characters, and which doesn't look like a word or your username, you're probably doing well enough. Aim for that.
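The rules above can be checked mechanically. The following is an added example, not Curlie's own code: it tests a candidate against the 8-16 length limit, the letter and non-letter requirement, the three-of-four character class guideline, and the "looks like a word or your username" test. The wordlist, the character-swap table and all function names are assumptions made for illustration.

```python
import string

# Constructed sample wordlist; a real check would load a full dictionary
# plus names, department names and keyboard sequences.
SAMPLE_WORDS = {"password", "letmein", "qwerty", "rover"}
# Reverse common character swaps (the page's "changing l to 1" and similar).
UNSWAP = str.maketrans("013457@$!", "oleastasi")
EDGE = string.digits + string.punctuation

def char_classes(pw):
    """Return which of the four character classes appear in pw."""
    found = set()
    for ch in pw:
        if ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.digits:
            found.add("digit")
        else:
            found.add("special")
    return found

def looks_like_word(pw, username, words=SAMPLE_WORDS):
    """True if pw is a listed word or the username: plain, reversed,
    with swapped characters, or with digits/punctuation tacked on."""
    banned = {w.lower() for w in words} | {username.lower()}
    low = pw.lower()
    forms = set()
    for raw in (low, low.strip(EDGE)):
        forms.update({raw, raw.translate(UNSWAP)})
    return any(f and (f in banned or f[::-1] in banned) for f in forms)

def check_password(pw, username):
    """Return a list of rule codes that pw fails; empty means it passes."""
    failed = []
    if not 8 <= len(pw) <= 16:
        failed.append("length")
    if not any(c in string.ascii_letters for c in pw):
        failed.append("no-letter")
    if all(c in string.ascii_letters for c in pw):
        failed.append("no-non-letter")
    if len(char_classes(pw)) < 3:
        failed.append("classes")
    if looks_like_word(pw, username):
        failed.append("wordlike")
    return failed
```

Calling `check_password("password1", "jsmith")` returns `["classes", "wordlike"]`: the string meets the minimum length and the letter/non-letter rule, yet it is still a dictionary word with a digit added.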
- Make every effort never to share your password with anyone. If it's written down, make sure it's not for public consumption on the bathroom wall. Don't save your password on a public computer, or a computer whose administrator you do not trust. Do not tell anyone, including Curlie metas, administrators, and staff, your password, even if they request it. (Please notify the Curlie administrative team if anyone does request your password, however convincing their need sounds.)
- Use a different password for each of curlie.org, ODP::Passport, Resource-Zone, and editor-produced tools. Never supply any of these passwords to a third party or editor-produced tool, however attractive the features of the tool are. (Please notify the Curlie administrative team of any third party/editor-produced tool that requests these passwords.)
- The Curlie editor forums use a different password to your editor account.
- Any passwords that you use for Curlie systems should be different from those you use on all other systems. If you want to use the same password for the dozens of news sites that make you register to read the headlines, please go right ahead, but don't use the same password for Curlie, as we do have data that should not be shared, and if it gets leaked under your user account, it's your responsibility.
- Never re-use an old password, ever. Never use a password given as an example of a password. Never use an online password generator or pick a password from a list online.
- Avoid emailing passwords, and never store them in your mailbox.
- If in doubt, change your password.
If you want more details and further advice, please see the DDP page on this subject.