Tips for choosing an appropriate password

This page explains the rules you will need to follow when specifying a password for your Unix account. If you have any problems or questions please contact the ITS Call Center on (02) 4221 3775 or extension 3775.

1. A password must contain 6 to 8 characters.

2. A password should have a combination of alphabetic, numeric or punctuation characters. The password is case sensitive, e.g. 'a' is not the same as 'A'.

3. Your password should not be based on your username (e.g. xyz01), your real name (e.g. joebl1) or any other personal information.

4. A password should not be based on a 'real' word (i.e. words that can be found in a dictionary).

5. One good approach to making a good password is to create an acronym, i.e. take a phrase and use the initial letters as the password, e.g. "The cat sat on the mat" becomes Tcsotm. Remember that you will need to put in some punctuation or numeric characters in order to meet the rules of the password program.

To meet this rule you can simply substitute letters like O, I or S with the numeric 0, 1 and 5 respectively. This in turn will make sure you generate a secure password. So in the example above our password Tcsotm would become Tcs0tm.

You should never use the same password for different services such as email, screen blanker or file server. If a password were compromised, all your services would be open to attack.

6. Once you have chosen your password it is best to commit it to memory; otherwise, write it down and put it in a secure place. Never tell it to anyone.

7. Once you have changed your password successfully you will not be able to change it again for 14 days. If you need to change your password in this period please contact the ITS Call Center.

8. Make sure you have set up your Password Reset Challenges. They allow you to recover your password if you forget what it was.
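
Rules 1 to 5 can be checked mechanically. The following is an added example, not the code of the password program this page refers to: it assumes rule 2 means letters plus at least one digit or punctuation character, uses a small constructed word list in place of a real dictionary, and reverses the 0/1/5 swaps before comparing so that a swapped digit cannot hide a word or a name. All function names are hypothetical.

```python
import string

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "secret", "monkey", "dragon", "wombat"}

# Reverse the 0/1/5-for-O/I/S swaps from rule 5 before comparing, so a
# swapped digit does not hide a dictionary word or a name.
UNSWAP = str.maketrans("015", "ois")


def normalise(text):
    """Lower-case, undo the digit swaps, and keep letters only."""
    swapped = text.lower().translate(UNSWAP)
    return "".join(c for c in swapped if c in string.ascii_lowercase)


def acronym(phrase):
    """Rule 5: build a candidate from the initial letter of each word."""
    return "".join(word[0] for word in phrase.split())


def check_password(password, username, real_name="", words=SAMPLE_WORDS):
    """Return the list of rules broken; an empty list means rules 1-4 pass."""
    problems = []
    if not 6 <= len(password) <= 8:
        problems.append("rule 1: must contain 6 to 8 characters")
    has_alpha = any(c.isalpha() for c in password)
    has_other = any(c.isdigit() or c in string.punctuation for c in password)
    if not (has_alpha and has_other):
        problems.append("rule 2: mix letters with digits or punctuation")
    core = normalise(password)
    # Assumption: a personal fragment of 3+ letters inside the password counts.
    personal = [normalise(p) for p in [username, *real_name.split()]]
    if any(len(p) >= 3 and p in core for p in personal):
        problems.append("rule 3: based on username or real name")
    # Assumption: "based on a word" is tested as an exact match after unswapping.
    if core in words:
        problems.append("rule 4: based on a dictionary word")
    return problems


if __name__ == "__main__":
    candidate = acronym("The cat sat on the mat")      # Tcsotm
    for pw in (candidate, "Tcs0tm", "passw0rd", "joebl1"):
        print(pw, check_password(pw, "xyz01", "Joe Bloggs") or "ok")
```
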

Last reviewed: 1 December, 2006