Strong Password Guidelines

Always Use Strong Passwords

As far as our services are concerned we deal with website hosting, domain management, email, calendar, and online document collaboration.  It’s ALWAYS recommended to use strong passwords, and our servers should be treated no differently than your financial institutions, personal computers, etc. Why give someone the opportunity to damage your site, no matter their reason, with an easily guessed password?

Strong Password Guidelines

  • Must contain at least 8 characters
  • Must contain at least 1 uppercase character
  • Must contain at least 1 lowercase character
  • Must contain at least 1 numeric character

An example may be – D9kYwm0P

Strategies to Avoid

  • Avoid sequences or repeated characters
    • “12345678,” “222222,” or “abcdefg” would be good examples of what NOT to do
  • Avoid using only look-alike substitutions of numbers or symbols
    • Criminals and hackers will not be fooled by common look-alike replacements such as replacing an “i” with a “1,” or an “a” with an “@” symbol
    • These substitutions can be effective when combined with other measures such as length, misspellings, or variations in case
  • Avoid your logon name
    • Don’t use any part of your name, birthday, social security number, or similar information for your loved ones
    • This type of information is one of the first things to try and most can be easily found from social networking sites, online resumes, or other public sources of data
  • Avoid dictionary words in any language
    • Criminals and hackers use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, etc
  • Avoid using only one password for all your accounts
    • If your password is compromised on any one of the computers or online system that you use, you should consider all of your other information protected by that password compromised as well
  • Avoid using online storage to store your passwords
    • If criminals or hackers find your passwords stored online or on a networked computer they then have access to all of your accounts and information

Keep Your Passwords Safe

Give it some thought. If you have mischievous children, don’t leave passwords lying around where they can find them. If you have malevolent coworkers, don’t leave passwords in your desk drawer at work. If you habitually lose your wallet or purse, don’t keep them there, either. Take whatever precautions are reasonable for your situation.

If your environment really does have spies (not necessarily KGB, CIA, or MI6 ones), you can probably write your passwords down in such a way that no one who finds them will know what they are. Make them the first letters of a grocery list, or a personal letter or memo, and if you have a password that you must carry into insecure environments, you probably don’t need to remind yourself which account it’s for, so don’t write that part down.

A Wired article, Secure Passwords Keep You Safer, describes how a dictionary attack on a password works. It’s these automated professionally designed dictionary attacks, which are based on real-world password data and psychological studies of how ordinary people create passwords when they aren’t using random ones, that you have to outsmart.