5.2 Tips for Selecting Strong Passwords

5.2.1 Select a good password

  • Use a combination of letters, numbers and special characters ($, *, !, etc.).
  • Use the first (or second, or last, ...) letter of each word in a phrase.
  • Use upper and lower case characters.
  • Choose passwords that are a minimum of eight characters in length.
  • Select a password you can remember. For example, use the first (or second, or last, ...) letter of each word in a phrase: "The quick fox jumped over the lazy dog" might yield a password of "Tqfj^1ld".
  • Don't use a common word, a friend's name, a pet's name, your nickname, the name of your favorite team, etc. Co-workers, friends, and even casual acquaintances may know this information.
  • Use a different password for each system.
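
The rules in 5.2.1 can be checked mechanically. The following is an added example, not part of the original guideline: the word list, the substitution table, and the names check_password, personal_terms and other_passwords are assumptions made for illustration.

```python
import string

# Constructed sample deny-list; a real deployment would load a much larger word list.
COMMON_WORDS = {"password", "welcome", "dragon", "letmein", "qwerty"}

# Undo common character substitutions so "P@ssw0rd" is compared as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Lower-case, undo substitutions, and keep letters only."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalpha())


def check_password(candidate, personal_terms=(), other_passwords=()):
    """Return the 5.2.1 rules the candidate breaks (an empty list means it passes).

    personal_terms: names, nicknames, teams, etc. that acquaintances may know.
    other_passwords: passwords the user already has on other systems, for
    example the entries held in the user's own password manager (assumption).
    """
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than eight characters")
    has_lower = any(c.islower() for c in candidate)
    has_upper = any(c.isupper() for c in candidate)
    if not (has_lower and has_upper):
        problems.append("needs both upper and lower case letters")
    if not any(c.isdigit() for c in candidate):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in candidate):
        problems.append("needs a special character")

    # Compare on the normalized form so decorated words are still caught.
    core = normalize(candidate)
    guessable = COMMON_WORDS | {normalize(t) for t in personal_terms}
    for term in sorted(guessable):
        if len(term) >= 3 and term in core:
            problems.append(f"contains guessable word: {term}")

    if candidate in other_passwords:
        problems.append("already used on another system")
    return problems
```

A password such as "P@ssw0rd1!" meets every character-class rule yet is still rejected, because the comparison is made after the substitutions are undone.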

5.2.2 Keep your password secure

  • Change your password when you first receive your computer user-ID.
  • Remember to destroy any paperwork that lists the account user-ID and password.
  • Change your password when you suspect that someone else may know it. (Keep your password secret!)
  • Change your password periodically (every sixty to ninety days).
  • Never re-use an old password.
  • Never write down a password:
  • Do not identify a password as being a password.
  • Do not attach the password to a terminal, keyboard, or any part of a computer.
  • Never record a password on-line, and never send a password to another person via electronic mail.
  • Destroy any paperwork that lists the account user-ID and password.

5.2.3 Don't be a victim of "social engineering"

A frequent cause of loss of password security is "social engineering" - a deliberate attempt by someone to obtain your password through deception. To prevent such loss of your password:

  • Never reveal your password to anyone else.
  • Help desk personnel, network managers, or computer support personnel should never have occasion to need your password to diagnose problems.
  • Don't reveal your password over the telephone, via e-mail, etc.
  • Make sure that no one is peering over your shoulder when you type in your password.