State of Alaska, Department of Administration, Enterprise Technology Services


Cyber Awareness Bulletin

The following cyber awareness bulletin was issued by the State of Alaska. The information may or may not be applicable to the general public and accordingly, the State does not warrant its use for any specific purposes.

Strong Passwords

The stronger your password, the more difficult it will be for a hacker or other criminal to figure out. Below you will find some tips for ensuring that you have a strong password.

When creating a password, try to be creative. The more obscure the password, the more difficult it will be to hack. Never use passwords that include birthdays, phone numbers, or anything pertaining to your life. The most common passwords are pets' names, addresses, and parts of your social security number. They can be guessed.

PASSWORD TIP

Create a phonetic sentence using the pronounced sounds of the letters, numbers, and/or special characters.
  • I tend to forget → ITnd24g@
  • Are you lost today? → RuLStD?2

Use the first letter of each word in a poem or song until you have enough letters (at least 8).
  • Jack and Jill went up the hill → JaJ$Wuth1
  • Help! I need somebody-now! → HINS-nw!

Intentionally misspell words.
  • Government → Guvrmnt@2
  • Together → 2Geth&er

Take someone else's full name that you can remember. Divide it into segments or blocks of the length you need for your password.
  • John Quincy Adams → John quin [drop], Cy@D@MS3 [keep]

Take a word from the dictionary that is long enough to qualify as a password. Replace some or all of the vowels with numbers and special characters.
  • Mornings → M$rn#NG7
  • Psychotic → Ps#CH@tC4

Take a word that is long enough to qualify as a password, and put all of the vowels together and all of the consonants together. Add numbers/symbols.
  • Friends → ie$FRNDS3
  • Douglas → 3OUA&dgls

Never tell anyone else your password. If your computer is in a public place, or a place where it can be seen by people other than you, never write your password down, unless secured in a locked cabinet or safe.

There are hacking programs that try to determine another person's password by systematically trying all the words in the dictionary within a length range, such as 4 to 12 letters.

Some hacker programs will try to determine a password by trying successively aaaa, aaab, aaac,...up to zzz9, and then go on to five letters, then six, and so on. The longer your password is, the more time it will take a person to find it. Think about it -- using only numbers and letters, there are more than three billion possible eight-letter passwords.
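The effect of length on the exhaustive sequence described above can be worked out directly. The following is an added example, not part of the original bulletin; it assumes the candidate alphabet is a-z followed by 0-9 (36 symbols, for which there are exactly 2,821,109,907,456 eight-character candidates) and uses an assumed guess rate chosen only for illustration.

```python
import string

# Assumption: candidates are built from a-z followed by 0-9, matching the
# bulletin's "aaaa, aaab, aaac, ..." sequence; real tools may use other sets.
ALPHABET = string.ascii_lowercase + string.digits
MIN_LEN = 4  # the bulletin's sequence starts at four characters


def candidates_of_length(n, alphabet=ALPHABET):
    """Number of distinct strings of exactly n characters."""
    return len(alphabet) ** n


def guess_position(password, alphabet=ALPHABET, min_len=MIN_LEN):
    """1-based position of `password` in the exhaustive sequence: every
    min_len-character string in odometer order, then min_len + 1, and so on."""
    if len(password) < min_len:
        raise ValueError("shorter than the first length tried")
    index = {ch: i for i, ch in enumerate(alphabet)}
    if any(ch not in index for ch in password):
        raise ValueError("character outside the assumed alphabet")
    # Every shorter candidate is tried first.
    before = sum(candidates_of_length(n, alphabet)
                 for n in range(min_len, len(password)))
    # Within its own length, the string is read as a base-N number.
    rank = 0
    for ch in password:
        rank = rank * len(alphabet) + index[ch]
    return before + rank + 1


def worst_case_days(length, guesses_per_second, alphabet=ALPHABET, min_len=MIN_LEN):
    """Days needed to exhaust every candidate up to `length` at a given rate."""
    total = sum(candidates_of_length(n, alphabet)
                for n in range(min_len, length + 1))
    return total / guesses_per_second / 86400


if __name__ == "__main__":
    RATE = 1_000_000  # assumed guesses per second, for illustration only
    for n in (4, 6, 8, 10, 12):
        print(f"{n:>2} chars: {candidates_of_length(n):>22,} candidates, "
              f"{worst_case_days(n, RATE):,.2f} days to exhaust")
```

Each extra character multiplies the number of candidates by the alphabet size, so adding upper-case letters and symbols to the alphabet raises the base as well as the exponent.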

It is a good idea to use a different password for secure environments than the one you use for those that are less secure. This way, if an attacker manages to find out what your "home" password is, they will not be able to follow you to work and use that information against you.

Type your login and password every time you need to use it. Do not be lazy. Do not let your computer auto fill your login or save your passwords. If your password fills in automatically, malicious individuals could have easy access to all your information.

If you are the system administrator, have your procedures state that employees must periodically change their passwords; every 45 days is a common frequency. That way, even if a hacker does get their password, it will be valid for a shorter period. Insist that they avoid changing their password from enterprise1 to enterprise2 or enterprise3, etc.
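One way an administrator could enforce the "no enterprise1 to enterprise2" rule, together with the length and dictionary-word advice above, at password-change time. This is an added example, not part of the original bulletin; the function names, the sample word list, and the assumption that the user has just typed the old password to authorize the change are all hypothetical.

```python
import re

MIN_LENGTH = 8  # the bulletin's tips call for at least 8 characters

# Constructed sample word list; a real deployment would load a full dictionary.
SAMPLE_DICTIONARY = {"password", "enterprise", "mornings", "together", "government"}


def _base(password):
    """Lower-case the password and strip leading/trailing digits and symbols,
    so 'enterprise1' and 'Enterprise2!' reduce to the same base word."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def check_new_password(new, old, dictionary=SAMPLE_DICTIONARY):
    """Return a list of reasons to reject `new`; an empty list means accept.

    Assumption: `old` is the current password the user just typed to
    authorize the change, so it is available for comparison without the
    system ever storing passwords in plaintext.
    """
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    new_base, old_base = _base(new), _base(old)
    if new_base and new_base == old_base:
        problems.append("same as old password with only digits/symbols changed")
    if new_base in dictionary:
        problems.append("dictionary word with digits/symbols added")
    return problems


if __name__ == "__main__":
    # Constructed test inputs; "JaJ$Wuth1" is one of the bulletin's own examples.
    for candidate in ("enterprise2", "Mornings7", "Pass1", "JaJ$Wuth1"):
        reasons = check_new_password(candidate, old="enterprise1")
        print(f"{candidate:<12} {'REJECT: ' + '; '.join(reasons) if reasons else 'accept'}")
```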


Common places for keeping passwords
- BAD IDEAS! -

  • On a sticky note, stuck to the monitor.
  • On a piece of paper under the keyboard.
  • In the center drawer of the table or desk.

Password Protected Screen Savers

Having a password-protected screensaver can reduce the chance that others are able to access your data. These can be set up so that they activate after the computer has been idle for a specified amount of time (5 minutes, 10 minutes, etc.).

Leaving your computer available to unauthorized coworkers or family members can jeopardize the integrity of your system and the security of your network. In addition, this could allow children to access the computer at times that you deem inappropriate. With this in mind, you should be cautious regarding whom you allow to access your machine.

You should note, however, that someone could easily bypass the password protection on some operating systems and third-party screensavers with special software that exploits the "auto run" feature that most users have enabled. This bypass can be avoided by turning off the auto run feature on your CD-ROM drive if you are using Windows 95, 98, or ME, or if you are using a third-party screensaver on any operating system.
