To choose a secure password, use the following guidelines:

- Include both numbers and letters in the password. Although a 6-character password that contains only letters is secure, a 6-character password with both letters and numbers is much more secure.
- Choose passwords that contain 6 to 10 characters. Adequate length makes passwords more secure. You can choose a password as long as 32 characters.
- Do not select passwords from a dictionary or from your native language.
- Avoid choosing words readily associated with your computer site or yourself, such as the name of a product or the model of your car.
- Choose new passwords each time. Do not reuse old ones.

Your security administrator may set up additional restrictions, for example, not allowing passwords with fewer than 10 characters.

Words with a strong personal association: your name, the name of a loved one, the name of your pet, the name of your town, the name of your automobile
A mixed string: 492_weid, $924spa, zu_$rags
A work-related term: your company name, a special project, your work group name

Obtaining Your Initial Password

Typically, when you learn that an account has been created for you on the system, you are told whether a user password is required. If user passwords are in effect, you are told to use a specific password for your first login. This password has been placed in the system user authorization file (SYSUAF.DAT) with other information about how your account can be used.

It is inadvisable to have passwords that can be easily guessed. Ask the person creating an account for you to specify a password that is difficult to guess. If you have no control over the password you are given, you might be given a password that is the same as your first name. If so, change it immediately after you log in. (The use of first or last names as passwords is a practice so well known that it is undesirable from a security standpoint.)

Log in to your account soon after it is created to change your password. If there is a time lapse from the moment when your account is created until your first login, other users might log in to your account successfully, gaining a chance to damage the system. Similarly, if you neglect to change the password or are unable to do so, the system remains vulnerable. Possible damage depends largely on what other security measures are in effect.

At the time your account is created, you should also be told a minimum length for your password and whether you can choose your new password or let the system generate the password for you.

Observing System Restrictions on Passwords

The system screens passwords for acceptability, as follows:

- It automatically compares new passwords to a system dictionary. This helps to ensure that a password is not a native language word.
- It maintains a history list of your old passwords and compares each new password to this list to be sure that you do not reuse an old password.
- It enforces a minimum password length, which the system manager specifies in your UAF record.
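
The three screens listed above (dictionary, history list, minimum length) can be sketched as follows. This is an added example, not the system's own code: the class name, the sample dictionary, and the choice to keep the history list as salted PBKDF2 digests with case-insensitive comparison are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data; a real system dictionary holds many thousands of words.
SYSTEM_DICTIONARY = {"password", "welcome", "dragon", "monkey", "sunshine"}


def _digest(password: str, salt: bytes) -> bytes:
    # Assumption: history entries are kept as salted, slow hashes so that the
    # history list never holds old passwords in clear text.
    return hashlib.pbkdf2_hmac("sha256", password.casefold().encode(), salt, 100_000)


class PasswordScreen:
    """Hypothetical screen applying the three acceptability checks."""

    def __init__(self, min_length: int, dictionary=SYSTEM_DICTIONARY):
        self.min_length = min_length  # per-account minimum set by the manager
        self.dictionary = {word.casefold() for word in dictionary}
        self.history = []  # (salt, digest) pairs for previously used passwords

    def check(self, candidate: str) -> list:
        """Return the reasons for rejection; an empty list means accepted."""
        reasons = []
        if len(candidate) < self.min_length:
            reasons.append("too short")
        if candidate.casefold() in self.dictionary:
            reasons.append("dictionary word")
        for salt, digest in self.history:
            # Constant-time comparison against each stored history entry.
            if hmac.compare_digest(_digest(candidate, salt), digest):
                reasons.append("previously used")
                break
        return reasons

    def set_password(self, candidate: str) -> list:
        """Screen the candidate and record it in the history if accepted."""
        reasons = self.check(candidate)
        if not reasons:
            salt = os.urandom(16)
            self.history.append((salt, _digest(candidate, salt)))
        return reasons


if __name__ == "__main__":
    screen = PasswordScreen(min_length=6)
    for attempt in ("abc", "Dragon", "zu_$rags", "zu_$rags"):
        print(attempt, "->", screen.set_password(attempt) or "accepted")
```

Raising min_length to 10, as in the administrator restriction mentioned earlier, makes the same screen reject the 8-character mixed strings.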