3.2.2 About password security
Weak passwords are probably the most common source of security problems.
Even at home, you may expose yourself to serious trouble because somebody
may be able to hack your computer when you browse the Internet and
read/delete your files, or use your computer to do something really nasty
to the local police computer network. Therefore, keep all your login
names/passwords secure, even at home. Once somebody logs into your computer
(even as an ordinary user), s/he may find it quite easy to gain root access
(depending on how well-maintained/up-to-date your system is vs. how good
a hacker s/he is).
Here are some examples of hazardous passwords:
- No password (possible!).
- The word "password" (wow, this one is really weak!).
- Your login name (The login and the password the same? Hmm.).
- Your first name or the first name of your daughter, son, husband, wife,
girlfriend, or any other first name. The number of first names in use
is quite limited--just check the paperback book "what to name your baby".
Don't assume that a first name you think of is secure because you are
from India--Canada is really a multinational society and the typical namelist
seems to cover all kinds of first names.
- Your last name or any other last name. The number of last names is surprisingly
limited! Just check the US census data to see that your "rare" last name
from the abamamahaba island is very well represented in the US list of the
89,000 most frequent last names (e.g., http://www.census.gov/genealogy/www/freqnames.html).
Or just check the Toronto telephone book. Another proof that we are all
one family :))
- The nickname of your dog, wife, canary or computer. (Humans use very few
nicknames, far fewer than last names!)
- Name of your favourite sports team, celebrity, toothpaste, or detergent.
Avoid names of popular soccer teams at all costs. The same goes for rock bands.
- Date of your birth, social security number, etc. Sequences of digits
can be easily probed.
- Name of your company, department, workgroup, etc.
- Password written in the calendar on your desk or on the side of your
computer.
- A password which you also use in an insecure public place, for example
an Internet store or a mailing list. In general, you should use different
passwords for places controlled by different organizations.
- Any word which is in the English dictionary. The English dictionary
does not contain as many words as it might seem. A not-so-skillful hacker
can easily set up a program to encrypt all dictionary words (100,000? that's
under 1 MB!) and then compare all the encrypted strings to your encrypted
password. As a matter of fact, tools for the "dictionary attack" are readily
available on the Internet. Try the program crack yourself to
find how easy it is. Swear words or "cool" (colloquial) expressions make
the password particularly vulnerable to cracking.
- Any other word, last name, first name, pet or swear word, no matter
in what language. For a cracker, covering most languages is only a small
overhead if he has already covered one. How many significant languages are
out there? 40? The cracker just grabs a few more files and appends
them to his cracking list. The point here is that the subset of words that
humans normally use is far, far below the theoretical limit of random
combinations of characters.
- Any of the above with the addition of a number/letter at the beginning
or the end. "yuoping1" is really a very weak password.
A good password
is relatively long (minimum 6 characters, some experts even recommend minimum
10 characters), contains a mixture of letters (upper and lower case,
if possible), numbers and special characters, and is changed quite regularly
(8-16 weeks?).
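The hazardous patterns listed above and the properties of a good password can be checked mechanically. The following Python script is an added example (not code from the guide and not the crack program it mentions): it flags a candidate that is empty, the word "password", the login name, a word from a (constructed, tiny) wordlist, or any of those with one character glued to the front or back; it checks the length and character-mix requirements; and it compares the size of a word-list attack (100,000 words, 40 languages, one added character) with the size of a random-character search. The wordlist, the login name "yuoping" and the search-space parameters are assumptions for the demonstration.

```python
import math
import string

# Constructed stand-in for the dictionary, first-name, last-name and
# team-name lists a cracker feeds to a dictionary-attack tool (assumption:
# real lists are far larger, e.g. the ~100,000-word dictionary mentioned
# in the text).
WORDLIST = {
    "password", "white", "house", "fire", "rover", "toronto", "secret",
    "john", "maria", "smith", "chelsea",
}

SPECIALS = set(string.punctuation)


def weak_reasons(password, login, wordlist=WORDLIST):
    """Return the hazardous patterns (from the text) that the password
    matches; an empty list means none of them matched."""
    reasons = []
    if password == "":
        return ["no password"]
    low = password.lower()
    words = {w.lower() for w in wordlist}
    if low == "password":
        reasons.append('the word "password"')
    if low == login.lower():
        reasons.append("same as login name")
    if low in words:
        reasons.append("dictionary word or name")
    # A known word or the login with a single character added at the
    # beginning or the end ("yuoping1"): strip one character and look again.
    bases = words | {login.lower()}
    if len(low) > 1 and (low[1:] in bases or low[:-1] in bases):
        reasons.append("word/login plus one character at beginning or end")
    if password.isdigit():
        reasons.append("digits only (date, SSN, ...)")
    return reasons


def strength_problems(password, minimum=6):
    """Check the properties the text asks of a good password: minimum
    length and a mix of upper case, lower case, digits and specials."""
    problems = []
    if len(password) < minimum:
        problems.append(f"shorter than {minimum} characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in SPECIALS for c in password):
        problems.append("no special characters")
    return problems


def search_space_bits(dictionary_size, languages=1, affix_variants=1):
    """log2 of the number of guesses a word-based attack needs to try:
    words x languages x ways of adding a character at either end."""
    return math.log2(dictionary_size * languages * affix_variants)


def random_space_bits(length, alphabet_size=94):
    """log2 of the number of random strings of the given length over the
    94 printable ASCII characters."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    login = "yuoping"                      # assumed login name
    for candidate in ["", "password", "White", "yuoping1", "19751231",
                      "@whitE!housE@"]:
        print(repr(candidate), weak_reasons(candidate, login),
              strength_problems(candidate))
    # 100,000 words, 40 languages, 1 + 2*62 variants (a digit or letter
    # added at the front or the back, or nothing added).
    print("word attack  : %.1f bits" % search_space_bits(100_000, 40, 125))
    print("8 random chars: %.1f bits" % random_space_bits(8))
```

The two "bits" figures make the point of the last list item concrete: even with 40 languages and an added character, the word-based search is tens of bits smaller than an 8-character random string, and every extra random character widens the gap by another 6.5 bits.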
Unfortunately, the better the password, the harder it is to remember. I
solved this problem for myself by taking 10 minutes to invent my personal
password "scheme". Say, I always start and end with the "monkey" (@) sign,
and use two words connected with an exclamation mark, with the last letter
of each word capitalized, e.g., "@whitE!housE@". This seems like an adequate
password, and it is easy to remember once I know what my password rule is.
If you are a memory genius, you may consider truly excellent passwords
generated with mkpasswd :))
The system administrator can set the password policy (minimum length,
requirement of special characters, password expiry) through the utility
included in this configuration program (run as root):
linuxconf
under the menu "user account"-"policies"-"password & account policies".
Normal users won't be able to set a password which is too short, is
a dictionary word, or does not contain the prescribed number of non-alphanumeric
characters (but root can change any password to anything s/he likes; s/he
will only be given a warning).
Also make sure that any file that contains any password of yours (e.g.,
/root/.kde/share/config/kppprc) has proper, secure permissions
so that it cannot be read by anybody. For example, most likely you want:
chmod 600 kppprc
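An added Python example (not from the guide) of auditing such files: it reports any file whose group or "other" permission bits are set, and applies the equivalent of chmod 600. The demonstration works on a throw-away temporary file standing in for kppprc, created with the common default mode 644, so it does not touch the real /root/.kde/share/config/kppprc; the file content is constructed.

```python
import os
import stat
import tempfile


def permissive_bits(path):
    """Return the group/other permission bits set on path; 0 means only
    the owner can access it (the state chmod 600 leaves behind)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO)


def lock_down(path):
    """Apply the equivalent of chmod 600 (owner read/write only) and
    return the resulting mode."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.stat(path).st_mode)


def audit(paths):
    """Return those existing paths that group or other can read, write
    or execute, i.e. the ones that still need locking down."""
    return [p for p in paths if os.path.exists(p) and permissive_bits(p)]


def demo_kppprc():
    """Constructed demonstration on a temporary stand-in for kppprc:
    create it with mode 644, audit, lock down, audit again.
    Returns (mode before, flagged before, mode after, flagged after)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "kppprc")
        with open(path, "w") as fh:
            fh.write("Password=constructed-example\n")   # constructed content
        os.chmod(path, 0o644)            # the usual default: world-readable
        before = stat.S_IMODE(os.stat(path).st_mode)
        flagged_before = audit([path]) == [path]
        after = lock_down(path)
        flagged_after = audit([path]) == [path]
        return before, flagged_before, after, flagged_after


if __name__ == "__main__":
    before, fb, after, fa = demo_kppprc()
    print("before: mode %o, flagged=%s" % (before, fb))
    print("after : mode %o, flagged=%s" % (after, fa))
```

To audit real files, pass their paths to audit(), e.g. the kppprc path above together with any other file you know holds a password, and call lock_down() on whatever it returns.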
If you use
an "over the phone" Internet connection for just a couple of hours a week,
you may be fine even with a relatively weak password on your system. But
please really reconsider your system security if you use a cable modem,
or are otherwise connected to the Internet for a significant amount of
time.
Most computer semi-literates use amazingly weak passwords. "Around 50 percent of
computer users base passwords on the name of a family member,
partner or a pet. Thirty percent look to a pop idol or sporting hero,"
reports CNN (http://www.cnn.com/2002/TECH/ptech/03/13/dangerous.passwords/index.htmll).
Please note the word "base" in that quote. Appending a digit to an
obvious word hardly makes the password more secure.