Choosing Strong Passwords

You use a number of passwords with your server: the administrative password, the private key password, database passwords, and so on. Your administrative password is the most important password of all, since anyone with that password can configure any and all servers on your computer. Your private key password is the next most important. If someone gets your private key and your private key password, they can create a fake server that appears to be yours, or intercept and change communications to and from your server.

A good password is one you will remember but others will not guess. For example, you could remember MCi12!mo as “My Child is 12 months old!” An example of a bad password is your child’s name or birthday.

Creating Hard-to-Crack Passwords

Some simple guidelines will help you create a stronger password. It is not necessary to incorporate all of the following rules in one password, but the more rules you use, the better your chances of making your password hard to crack. Some tips:

• Passwords should be 6-14 characters long

• Do not use illegal characters: *, “, or spaces

• Do not use dictionary words (any language)

• Do not make common letter substitutions, such as replacing E with 3, or L with 1

• Include characters from as many of these classes as possible:

  • Uppercase letters

  • Lowercase letters

  • Numbers

  • Symbols