Password Selection
Password selection is one of the most important things you can do to secure your computer. Having a weak password makes it simple for outsiders to access your computer. These guidelines should be followed for every account on your computer. Here's how a typical attacker will attempt to crack your password:
- NEVER use a blank password, the word 'password', or a password that is the same as your username, especially if you're connected to a network. These are generally the first three items guessed by attackers.
- Avoid using keyboard combinations, such as 'asdf', 'qwerty', '1234' or 'aaaaaaa' as these are also frequently guessed very quickly.
- Don't use easily guessed personal information, such as your name, birth date, family members' names, Social Security number, licence-plate numbers, and phone numbers.
- The next thing an attacker will probably try after guessing the most common passwords is a dictionary attack. To avoid this, don't use a normal word as your password. Some dictionary attacks will even check variations of words like using numbers in place of letters (such as replacing the letter o with the number 0) or having a number or symbol at the beginning or end of the word.
- After a dictionary attack, about all the attacker will be left with is trying a 'brute force' attack, trying every combination of letters, numbers and symbols. Most will have given up and gone after an easier target by this time, but using more types of characters, such as upper-case letters, lower-case letters, numbers and symbols will make it a much, much longer process to crack your password.
Since we've covered what not to do, here are tips for passwords that will be reasonably secure, but not impossible to remember:
The longer your password, the more secure it is, generally speaking. Try to have a password of at least six characters, preferably eight or more.
- Method 1:
  - Choose a couple of words that aren't directly related to each other but that you can remember. (e.g. ball, dog)
  - Change one or more of the letters in the words to upper-case letters, numbers or symbols. (e.g. bAll, d0g)
  - Join the words with one or more non-alphanumeric symbols to get the final password. (e.g. bAll@$d0g)
- Method 2:
  - Choose a song lyric, quote or other sentence that you will easily remember. (e.g. "There is no place like Nebraska")
  - Take the first letter of each word. (e.g. TinplN)
  - Change one or more of the letters to a number or symbol, or add a symbol or number to the beginning or end. (e.g. T!npIN*)
Another note: Change your password regularly, and don't write it down and leave it in an insecure place or near your computer.
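The guessing order described above (common passwords, keyboard patterns, personal information, dictionary variations) can be turned into a check that runs when a password is chosen. This is an added example, not part of the original guidelines; the word list, the sample inputs and the one-character-type threshold are constructed assumptions.

```python
import re

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "football", "dragon", "monkey", "welcome"}
KEYBOARD_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Common number/symbol-for-letter swaps, undone before the dictionary lookup.
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})


def weaknesses(password, username="", personal=(), words=SAMPLE_WORDS):
    """Return the reasons a password would fall to the early guesses above."""
    if not password:
        return ["blank password"]
    found = []
    lower = password.lower()
    if lower == "password":
        found.append("the word 'password'")
    if username and lower == username.lower():
        found.append("same as username")
    # 'aaaaaaa' is one repeated character; 'asdf' or '1234' is a keyboard run.
    if len(set(lower)) == 1 or (len(lower) >= 3 and
                                any(lower in run for run in KEYBOARD_RUNS)):
        found.append("keyboard pattern or repeated character")
    # Compare with punctuation removed so '1990-04-12' matches '19900412'.
    squash = lambda s: re.sub(r"[^a-z0-9]", "", s.lower())
    if any(len(squash(p)) >= 3 and squash(p) in squash(password) for p in personal):
        found.append("contains personal information")
    # Dictionary variations: drop a leading/trailing number or symbol, then
    # reverse letter substitutions such as 0 for o.
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lower)
    if any(c.translate(UNLEET) in words for c in (lower, trimmed)):
        found.append("dictionary word or simple variation")
    if len(password) < 6:
        found.append("shorter than six characters")
    # Flagging a single character type is this example's assumption.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 2:
        found.append("only one type of character")
    return found


if __name__ == "__main__":
    for pw in ("qwerty", "Passw0rd1", "bAll@$d0g", "T!npIN*"):
        print(repr(pw), weaknesses(pw) or "no early-guess weakness found")
```

An empty result only means the password survives these early guesses; it says nothing about how long a brute-force attack would take.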