Abeon Tech

A simple list of Dos and Donts to consider when creating new accounts or updating passwords for current accounts you have.

It may sound simple, but mistakes can often be made when in a rush or creating multiple accounts.

This post contains common good practice. Why not get into the habit of creating good passwords, before bad habits set it?

Do NOT:

1. Use your account name or any data that appears in your record in the password file.
2. Use any word or name that appears in any dictionary, reference or list regardless of case changes; especially do not use character strings that appear in password cracking tools’ word lists or bad password lists.
3. Phrases and slang with or without white space. Redundant with 2. See below.
4. Use any mythological, legendary, religious or fictional character, object, race, place or event. Redundant with 2.
5. Use acronyms. Redundant with 2.
6. Use alphabetic, numeric or keyboard sequences; many such sequences are included in cracking tools “word” lists. Redundant with 2.
7. Titles of books, movies, poems, essays, songs, CDs or musical compositions. Redundant with 2.
8. Vary the character sequences obtained from any of the foregoing items by any of the following methods:
        1. Prepend or append symbols, punctuation marks and / or digits to a word.
        2. Use words with some or all the letters reversed.
        3. Use conjugations or plurals of words.
        4. Use words with the vowels deleted.
        5. Replace letters with like looking symbols or digits.

• A -> 4
• a -> 2
• C -> (
• E -> [
• E -> {
• e -> 3
• G -> @
• h -> 4
• I -> 1
• I -> !
• I -> |
• l -> 1
• l -> !
• l -> |
• O -> 0
• S -> 5
• S -> $
• Z -> 5

6. Replace digits with like looking letters or symbols

• 0 -> O
• 3 -> ]
• 3 -> }

7. Use only the first or the last character in uppercase. Redundant with 2.
8. Use only vowels in uppercase. Redundant with 2.
9. Use only consonants in uppercase. Redundant with 2.
9. Use any personally related information.
10. Use anything you can imagine being collected into a list.
11. Use a publicly shown example good password.
12. Use great vanity license plates. In the future, may be redundant with 2.
13. Transliterate words from other languages.
14. Repeat any character more than once in a row.

DO:

1. Use at least 8 characters.
2. Include a digit or punctuation.
3. Use upper and lower case.
4. Choose a phrase or combination of words to make the password easier to remember.
5. May be two words separated by a non-letter non-digit.
6. May have non printing characters.
7. Use different passwords on different machines.
8. Change password regularly and don’t reuse passwords or make minor variations such a incrementing a digit.

The suggestions overlap as they come from different sources. Most users and some systems will have real difficulty with non printing characters.
Personally related information Most people choose passwords that are easy to remember. One way to make passwords easy to remember is to pick passwords or parts of password that are directly related to oneself. Generally these are considered to be poor password choices. Below is a list of all the personally related information that I have seen in passwords or in lists of what not to use in passwords. It’s listed in the order in which I think this information is most likely to be used in forming passwords:

1. One’s names and initials.
2. One’s account name.
3. Names of immediate family members.
4. Names, breeds or species of pets.
5. One’s birthday.
6. Family member’s birthdays.
7. One’s vehicle make, model, year.
8. Hobbies, interests and related words.
9. One’s job title.
10. Employer’s name.
11. Job related words.
12. Friend’s names.
13. Street numbers or names, city, county, state or zip code for home, work, family or friends.
14. Phone numbers for home, work, family or friends.
15. Social security numbers for self and immediate family.
16. License plate numbers.
17. Birthplace including street address.
18. University or college name.
19. College major.
20. High school name.
21. Student or employee ID numbers.
22. Serial numbers from consumer products.

1. It’s Not Glitzy, but Password Vigilence Still Vital - Network Sentry says:

   September 12, 2008 at 3:07 pm

   [...] Abe on Tech offers a more systematic listing of the dos and don’ts of password security. He starts with more than a dozen things to not do and suggestions for addressing the issues raised. He then lists eight things that should be done. The final list provides 22 things not to include in passwords. The strength of the piece is that it goes beyond the intuitive and commonly known items in each category and provides more subtle suggestions that are more likely to thwart hackers. [...]