Choosing Good Passwords

Rationale

Automated password crackers can, and do, guess thousands of potential passwords per second in attempts to break into CSAIL user accounts. Most often, attackers aren't targeting individual users. Simple passwords are the quickest to guess, so choose better passwords for safer computing.

What to Use

  • Use letters, numbers, and symbols (or at least two of these)
    • Mix uppercase and lowercase letters if possible
  • Use a minimum of 8 characters
  • Devise a password that you can easily remember, so you don't have to write it down.
    • Write only partial passwords (or hints) in safe places, when necessary
    • Use the first letters of a familiar phrase, poem, or song lyric to construct and remember a password.
      "In Xanadu did Kubla Khan a stately pleasure dome decree." becomes "IXdKKaspdd."
  • Use a password that you can type quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by watching over your shoulder.

What Not to Use

  • Don't use your login name in any form (as-is, reversed, capitalized, doubled, etc.).
  • Don't use a word contained in (English or foreign language) dictionaries, spelling lists, or other lists of words.
  • Don't use your first or last name in any form.
  • Don't use "example secure passwords" from this or any other website

For more secure passwords (banking, or if you have reason to believe someone would have a specific interest in your CSAIL account):
  • Don't use your spouse's or child's name.
  • Don't use other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the brand of your automobile, the name of the street you live on, etc.
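
The rules above can be checked automatically when a password is set. The following is an added example, not part of the original page or any CSAIL tool; the function names, the tiny wordlist, and the user "jsmith" (Jane Smith) are constructed for illustration, and treating a name padded with digits or symbols as a "form" of that name is an assumption.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "xanadu", "sunshine"}
# Example passwords published on this page must not be reused.
PUBLISHED_EXAMPLES = {"IXdKKaspdd"}

def char_classes(pw):
    """Count how many of letters / numbers / symbols appear in pw."""
    patterns = (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(bool(re.search(p, pw)) for p in patterns)

def name_variants(name):
    """As-is, reversed and doubled forms; lowercased so capitalization is ignored."""
    n = name.lower()
    return {n, n[::-1], n + n} if n else set()

def check_password(pw, login, first, last, words=SAMPLE_WORDS):
    """Return the list of rules pw breaks; an empty list means it passes."""
    low = pw.lower()
    # Assumption: "any form" also covers a name padded with digits or symbols,
    # so compare the letters-only core as well as the full string.
    forms = {low, re.sub(r"[^a-z]", "", low)}
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if char_classes(pw) < 2:
        problems.append("uses only one of letters/numbers/symbols")
    if forms & name_variants(login):
        problems.append("is a form of the login name")
    if forms & (name_variants(first) | name_variants(last)):
        problems.append("is a form of the first or last name")
    if low in words:
        problems.append("is a dictionary word")
    if pw in PUBLISHED_EXAMPLES:
        problems.append("is a published example password")
    return problems

if __name__ == "__main__":
    # Constructed candidates for a hypothetical user jsmith (Jane Smith).
    for candidate in ("htimsj", "Smith2009!", "Dragon", "IXdKKaspdd", "Tg7#qLw2x"):
        print(candidate, "->", check_password(candidate, "jsmith", "Jane", "Smith") or "ok")
```
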
Topic revision: 16 Nov 2009, ArthurProkosch
 

MIT Computer Science and Artificial Intelligence Laboratory

 
