Frequently Asked Questions
UBC Mathematics: MathNet FAQ [Good passwords]

UBC Mathematics: MathNet FAQ [Good passwords]

Question: What is a good password?
Author: Joseph Tam
Date: Aug. 24, 2012

Passwords provides a line of defense against unauthorized access to your private data. A poor password places all your information in jeopardy, and undermines the security of our network as a whole. Please choose, and use, a secure password that is not prone to trial and error guessing, and is computationally hard to find by searching all possibly passwords (i.e. brute forcing).

Secure password guidelines

  • Length: your password must be 8 characters or longer. Longer is better.
  • Complexity: your password must have a least one character that is neither a letter (A-Z,a-z), nor a digit (0-9).
  • Wordlist/dictionary: do not use passwords that can be found in any dictionary or wordlist, of any language. Even jargons.
  • Personal identifiers: do not use SINs, telephone numbers, dates, friends/family/pets names, etc.
  • Simple transformations: do not reverse ("password" -> "drowssap"), append/prepend digits or single characters ("secret" -> "secret!" or "secret5"), replicate ("blah" -> "blahblah"), or do simple substitutions (O->@, o->0, l->1, E->3, e.g. "password" -> "p@ssw0rd) to any of the above. Not all people with bad intentions are idiots -- they know these tricks too!
  • Never, never reveal your password to anyone, especially if it asked of you via Email, or requested on a web site that is unknown to you and/or outside of our domain (

Some techniques on choosing passwords:

  • Use a passphrase: "I won't eat dirt!"
  • Nonsense word: "!grianDor@"
  • Use the first/second/etc. letter from each word in a passphrase: "Tmd,u2cof" (To make dough, use two cups of flour)
  • Combine words in a non-obvious ways: "$mix%baseball#"