Subject: Picking an unguessable password Here are some guidelines for choosing a password that cannot be guessed: DON'Ts + DON'T use your login name in any form (as-is, reversed, capitalized, doubled, etc.). + DON'T use your first, middle, or last name in any form. + DON'T use your spouse's or child's name. + DON'T use other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the make of your automobile, the name of the street you live on, etc. + DON'T use a password of all digits, or all the same letter. + DON'T use a word contained in English or foreign language dictionaries, spelling lists, or other lists of words. + DON'T use a password shorter than six characters. DOs + DO use a password with mixed-case alphabetics. + DO use a password with non-alphabetic characters (digits or punctuation). + DO use a password that is easy to remember, so you don't have to write it down. + DO use a password that you can type quickly, without having to look at the keyboard. Methods of selecting a password which adheres to these guidelines include: + Choose a line or two from a song or poem, and use the first letter of each word. + Alternate between one consonant and one or two vowels, up to seven or eight characters. This provides non- sense words which are usually pronounceable, and thus easily remembered. + Choose two short words and concatenate them with a punctuation character between them. + Be aware that only the first 8 characters of a longer password are actually used, so even if the entire password is cryptic, the first 8 characters may not be. Users should change their password periodically, usually every three to six months. This ensures that an intruder who has guessed a password eventually loses access.