Passphrase Guidelines

Here are some suggestions for choosing good passphrases (or Kerberos passwords ) and static passwords. Passphrases and passwords are critical elements of network and computer security.


Kerberos password (HPCMP Systems)

  • Memorize your passphrase! This should be relatively easy. You only need one passphrase for all ARSC systems and it can be up to 255 characters long. You might develop a system or algorithm for generating new passwords.
  • Make it long... use several words, punctuation marks, numbers, etc... The basis of your passphrase can be something well-known, but give it a personal twist. Possible sources:
    • Song titles, events, people, foods, sports, compounds, planets?
    • Expressions.
    • Anagrams, palindromes, rhymes.

    Example passwords:

    1. bride. of the Father
    2. w wx wxy wxyz !!!!!
    3. lavender.ratatouille or magenta.oatmeal or green.mashed potatoes
    4. Que c'est embetant!!!

Static Passwords

  • Remembering your passwords
    • Memorize your passwords -- avoid writing them down.
    • Others may gain access to your hardware. Don't store passwords in the function keys of a terminal, the memory of a modem, or in the macros or scripts of a PC connection application.
    • Avoid storing passwords unencrypted on your system.
  • Inventing and remembering good passwords
    1. Invent a private formula. Its use will become second nature though it produces absurd looking passwords that will be unguessable by anyone else. Here are a couple of examples (don't use them -- they're no longer private!) :
      1. Example 1 -- for word lovers:

      2. Begin with words containing double letters, like llama, dizzy, apogee
      3. Replace the doubled letters with any three special characters

      Passwords generated: $*$ama , di$*$y , and apog$*$ .

      Simply pick another double-letter word to generate a new password.

      1. Example 2 -- for animal lovers:

      2. Pick 5-letter animal names, like snake, stilt, shrew , etc...
      3. Break them up using 2-digit numbers, like 11, 13, 17 , etc...
      4. End by duplicating and shifting the last letter.

      Passwords generated: sn11akeE , st13iltT , and sh17rewW .

      Pick a new animal when you need a new password.

    2. Avoid obvious passwords. Birthdays, addresses, social security numbers, names, computer names, and words found in a dictionary are easily cracked. You can use words and names, but only if you shuffle them (e.g., RED and blue --> blREDue), rearrange them (e.g., joseph --> phsejo), unglue them (e.g., mazda --> m+az-da), or otherwise obscure them. Simply appending or prepending a digit is no longer adequate.
    3. Use both upper- and lower-case letters, and anything else you find on your keyboard!

Maintaining Passphrase Privacy

  • Don't let anyone else use your account.
  • If you must share data, use Unix permission groups to let members of your group have access to your data directories. If you need help setting this up, call ARSC Consulting (907-450-8602).
  • Don't let anyone see your passphrase or watch as you type it in.
  • Lock your screen or logout whenever you leave your workstation.

Passphrase Expiration

  • Change your passphrase frequently: at least every six months.
  • Don't reuse old passphrases.
Back to Top