Password Management - Password Creation and Maintenance

  1. Sharing passwords is a security risk.
  2. Do not divulge your password to anyone.
  3. Enter your user-id and password only in the space provided for them, the one you are normally used to.
  4. If anything differs from the normal page, make sure there is no attempt to steal your personal information before providing it.
  5. Do not provide your user-id and password on any page that appears as a popup when you click on a hyperlink received through email. A better practice is to log on to the service by typing the URL in the address bar, after making sure the page that opens is from the genuine service provider.
  6. Do not store passwords in a file on ANY computer system (including Palm Pilots or similar devices) without encryption.
  7. Change passwords at least once every 90 (ninety) days.
  8. Unique Characters: An acceptable password must have at least five (5) different characters. Repeated characters can make for palindromes and make the password easier to crack.
  9. Character Types: An acceptable password must have characters from at least three (3) different character types -- upper case, lower case, digits, punctuation, etc. A password that includes a sample from a rich character set is difficult to crack.
  10. Long Alpha Sequences: An acceptable password must not have an alphabetic sequence any longer than three (3) characters.
  11. Long Digit Sequences: An acceptable password must not have a digit sequence any longer than two (2) characters.
  12. Forbidden Characters: There are a few characters that will cause problems if used in a password - the "delete" character is one of the obvious ones.
  13. Writing down your password: One should never write down a password. Someone may discover the password. Make the password difficult for others to guess or crack but easy for you to memorise and remember.
  14. Passwords should not be any of the following:
    1. Dictionary words (including foreign and technical dictionaries)
    2. Name of a person or a thing, a place, a proper noun, a phone number or a vehicle number
    3. Simple pattern of letters on keyboards
    4. Any of the above reversed or concatenated
  15. One possible method for picking a good password is to make up your own acronym.
  16. Do not let your computer remember your password. Do not accept the auto-complete option provided by your computer/browser.
  17. As far as possible, do not use an untrusted system to access a sensitive service. If you must, change the password at the first opportunity immediately thereafter from a trusted system.
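
The composition rules in items 8 to 12 can be checked mechanically when a password is set. The following is an added example, not part of the original policy. It assumes that an "alphabetic sequence" and a "digit sequence" mean a run of consecutive letters or digits, that the character types are the four ASCII classes named in item 9, and that the "delete" character is the only forbidden character checked, since it is the only one the policy names; `check_password` is a hypothetical function name.

```python
import re
import string

DEL = "\x7f"  # the "delete" character, the one forbidden character item 12 names


def check_password(pw: str) -> dict[int, str]:
    """Return {item number: reason} for each of items 8-12 that pw violates.

    An empty dict means the password passes these composition checks.
    """
    problems = {}

    # Item 8: at least five different characters.
    if len(set(pw)) < 5:
        problems[8] = "fewer than 5 different characters"

    # Item 9: at least three character types (assumed: the four ASCII classes).
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    types_present = sum(any(c in cls for c in pw) for cls in classes)
    if types_present < 3:
        problems[9] = f"only {types_present} character type(s)"

    # Item 10: no alphabetic sequence longer than three characters
    # (assumed: a run of four or more consecutive letters).
    if re.search(r"[A-Za-z]{4,}", pw):
        problems[10] = "alphabetic sequence longer than 3"

    # Item 11: no digit sequence longer than two characters
    # (assumed: a run of three or more consecutive digits).
    if re.search(r"[0-9]{3,}", pw):
        problems[11] = "digit sequence longer than 2"

    # Item 12: forbidden characters (only DEL is named by the policy).
    if DEL in pw:
        problems[12] = "contains the delete character"

    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("Tr4!be9#Zu", "password123", "Ab1!Ab1!", "aaaa"):
        print(repr(sample), check_password(sample) or "passes items 8-12")
```

These checks cover composition only; the dictionary, name and keyboard-pattern restrictions in item 14 need a word list and are not covered here.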