National Aeronautics and Space Administration

Glenn Research Center

Password Tips

Easy-to-guess user passwords are one of the easiest ways hackers can gain “authorized” access to a computer system, especially if they figure out or know your user ID. Using the same password for more than one system or program is not a good practice. Once that one password is obtained, every system or program that shares it is compromised.

Using a single password is the equivalent of using a single key for your car, house, mailbox, and safety deposit box — if you lose the key, you give away access to everything. If your password is compromised on one system, using different passwords on different systems will help prevent intruders from gaining access to your accounts and data on other systems. For example, system managers should use different passwords for their personal account and their privileged account. If the personal account password is accidentally revealed, the privileged account is still protected. It is also bad practice to use the same passwords at home as you do at work. Similarly, a home user should use different passwords for e-mail accounts and online banking and/or shopping sites.

  • If you can’t create an encrypted file, create a cheat sheet that contains a list of your accounts and password clues that trigger your memory. Don’t write down the actual password, but if you absolutely have to, store it in a locked cabinet or drawer.
  • To avoid using an insecure password, create a passphrase. A passphrase is a sentence in which you select the first letter of each word as your password. Depending on the password criteria of a system (maximum length of a password, acceptable symbols, etc.), a passphrase can also be an entire sentence with numbers and symbols added. (Don’t select phrases that are common to everyone.) The longer you can make your password, the harder it is for a hacker to crack it!

| Phrase | Passphrase | Password |
|---|---|---|
| This is how to create a secure password! | Thi$ish0w2cre8aSecurePw | Tih2C@sPw! |
| My favorite sport to play is football | Myfa4oritesport2playi$football! | Mfs2piF! |
| I really would like to win the lottery | Iwouldre@llylike2wintheLottery! | Iwrl2wtL! |
| Spring is my favorite time of year | Sprin9ismyf@VoriteTimeofyEar | S*imfT0Y |

If you ever feel your password may have been compromised, change it!

A possible note of encouragement — newer technologies (like smartcards and tokens) are being implemented and may eliminate the need for some of these rules.