Subscribe to Our Newsletter
On the Web:
Select your country
Country:
United States
Australia
Austria
Belgium
Botswana
Brazil
Bulgaria
Canada
Chile
Colombia
Croatia
Czech Republic
Egypt
France
Germany
Hong Kong
Hungary
India
Indonesia
Ireland
Israel
Italy
Japan
Kenya
Luxembourg
Macau
Malaysia
Mexico
Netherlands
New Zealand
Philippines
Poland
Romania
Russia
Singapore
Slovakia
Slovenia
South Africa
Spain
Sweden
Switzerland
Taiwan
Thailand
United Kingdom
United States
Vietnam
By the Cup
Weekly technology articles, discussions, and community events.
New Product Alert
Get notified about new product offers and services at TechSoup.
TechSoup for Libraries
Stories, programs, and articles for the library community.
Account options
Members
Log In
Not yet a member?
Join
Join TechSoup
The place for nonprofits, charities, and libraries
Get Products and Services
Browse Catalog
By Donor or Provider
Acclivity
Adobe
Alpha Software
Atlas Business Solutions
Atomic Training
Autodesk
Azavea
BetterWorld Telecom
BetterWorld Wireless
Bitdefender
Blackbaud
Bloomerang
Box
Brocade
Bytes of Learning
Caravan Studios
Caspio
CauseVox
Cisco
Citrix
CitySoft
ClickTime
Connect2give
Dharma Merchant Services
DonorPerfect
Efficient Elements
Esri
FileMaker
GoDaddy
GrantStation
Guide by Cell
Headsets.com
Horizon DataSys
HR Solutions Partners
Huddle
Idealware
Intuit
Litmos
Little Green Light
Mailshell
Microsoft
Mobile Beacon
NetSuite
NonProfitEasy
PayAnywhere
People-OnTheGo
PhilanTech
Pitney Bowes
QuickBooks Made Easy
Reading Eggs
ReadyTalk
Red Earth Software
Refurbished Computers
Sage
SAP
Shopify
SNPO
Special Offers
Symantec
Tech Impact
TechBridge
Teespring
Telosa
TINT
Ultralingua
VolunteerMatters
By Category or Solution
Accounting
Business and Technology Planning
Cloud Computing
Communications
Computers and Electronics
Databases and Analytics
Donor and Grants Management
Fundraising
Green Technology
Human Resources
IT Support and Services
Mobile
Operating Systems
Phone Service
Security
Servers and Networks
Telecommuting
Training and Education
Web and Graphic Design
Website Management
By Organization Type
Advocacy and Public Policy
Animal Welfare
Business and Professional Organizations
Civil Rights Activities
Community Development
Conservation and Environmental Organizations
Counseling and Human Services
Disaster Aid
Employee Membership Benefit Organizations
Farming and Agriculture
Foundations
Fundraising
Hospitals or Health Services
Housing Activities
Legislative and Political Activities
Libraries
Litigation and Legal Aid
Museums or Historical Sites
Mutual Organizations
Neighborhood and Homeowners Associations
Public Safety
Religious Organizations
Schools and Colleges
Scientific Research
Sports, Recreational, and Social Activities
Training and Employment Preparation
United Way or Community Fund
Youth Activities
Special Programs
Nonprofit Favorites
All Products
Find Out How It Works
Overview
Check Your Eligibility
Community
Community Home
Events
Forums
Participation Guidelines
Success Stories
Resources
Articles and How-Tos
Blog
Storymakers
Webinars
Support
Support Home
Contact Us
Installation and Licensing
Product Donation FAQ
Using Your Donation
Search section
Search
Searched content
Search
Home
»
Community
»
Security
»
Password Selection Tips?
Password Selection Tips?
New here?
If you'd like to participate,
join us
.
If you're already a member,
log in
.
Search for a specific post?
javascript disabled
Subscribe to RSS
Close this window
Search Blogs and Forums for a Post
*Please enter a search term.
Search In:
Forums and Blog
Blog
Forums
All Forums
Databases and Software
Design and Web Building
Digital Engagement
Digital Storytelling
Events, Classes, Workshops, and Training
Hardware, Networks, and Telecommunications
Introduce Yourself
Mobile and Wireless
Public Computing, ICT4D, and Tech4Good
Security
Tech Careers at Nonprofits and Libraries
Tech Planning and Policies
TechSoup Program Help
TechSoup Site Improvements
TechSoup Town Hall
TechSoup Technology Wish List
Date range:
All Time
Last Year
Last 6 Months
Last 3 Months
Last Month
Last Week
Last Two Days
Search
New Post
Subscribe via RSS
Share this
Details
Rate This
6
Replies
0
Subscribers
Posted
over 7 years ago
Featured Topics
Forums
Blog
Recent Activity
Password Selection Tips?
Posted by
wcook
on
1 May 2007 4:22 PM
How has your nonprofit dealt with passwords? Do you have a formal, organization-wide policy?
Share your tips for selecting secure passwords here.
senior editor, TechSoup
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
kjstrat
on
3 May 2007 4:01 AM
I like passphrases. Creating a passphrase is as simple as remembering a saying, for instance, "an apple a day keeps the doctor away" and using a letter from each word. So if I used the first letter of each word in the preceding passphrase, my password would be "aaadktda". Not the best password in the world, but certainly more complex than most.
To make a more secure password, include non-standard characters like $, %, or &. And longer passwords are more secure. Fourteen, fifteen characters or more are ideal.
I've been using passwords for 10 years now (remember the ol' days when we only needed one 4-digit pin?) and I classify them now. I have one I freely use for non-critical uses, such as this forum. That particular password I have no qualms about sharing with someone else There's others I've garnered thru the years, whether from ISP's to work to passphrases. My most secure passwords are combinations I've daisy-chained together for 15 character or more.
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
donc
on
3 May 2007 1:28 PM
Our password policy is -
Minimum 8 characters, renewed every 40 days, must contain 2 of either: upercase, numeric, or special character - i.e.
M@dh@ter!
Ch33se&3gg
Num3r!c@1
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
mirrorshades
on
7 May 2007 12:40 PM
Share your tips for selecting secure passwords here.
For any passwords of significance, I tend to use the Keepass application's password generation utility. It allows you to specify the password length and which characters to include, then prompts you for some "random" input (mouse or keyboard) to generate the password.
Keepass is also a handy-dandy utility to keep track of all those 100-character passwords, too. :cwm11;
Info on program:
http://keepass.info/
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
valleynet
on
8 May 2007 4:57 PM
Another nice little open source utility for generating random passwords and storing them is Password Safe available from http://passwordsafe.sourceforge.net/
The program and the database are small enough to store on a USB thumb drive and since the "safe" needs a combination (password) and the database is encrypted, no danger if it's lost. With Password Safe you only need one strong password which you can generate with the program to access all your user names and passwords. I'm a sysadmin with dozens of passwords to remember and I couldn't live without it.
Rick Goodwin
System Administrator
ValleyNet
www.valley.net
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
knyhus
on
12 May 2007 2:19 PM
I'd add this after the 'not sure what word to use?' section:
If you keep many highly-sensitive logins, it may not be possible to remember them all without writing them down, let alone changing them periodically. How do you ‘write down’ a password without really writing it down? Answer:
use a code.
For example, you might use the 'famous quote' method to generate a good, secure password. In this case, if you used "four score and seven years ago," the code to that generated password might be ‘lincoln.’ You would write down ‘lincoln’ as the password for that account, and this serves as a personalized reminder of which generator phrase you used. Then you remember how you did it, and recreate the '4sa7yaof' password. When I code my passwords this way, I also code the email address associated with them: I have nicknames for my email accounts which mean something only to me, and they don't contain the '@' symbol. Sometimes I even encode the names of the service or website to which the password applies! This way, I am able to keep a list of dozens of passwords in my smartphone, but anyone who found it would have no luck deciphering the passwords (the file I keep them in isn't even called 'passwords!'). Use this method only if you’re good at creating and remembering codes (try it out on a few passwords to find out).
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
rksethi
on
15 Jul 2007 6:59 PM
I think these are all great password suggestions. One suggestion I'd like to make from extensive information security training experience is that you should let users know
why
you are implementing password controls.
Often times people will try do the bare minimum and end up with passwords that are very breakable to a dedicated attacker (e.g. password123 or [insert sport team name/child's name here]2007 ).
Let users know that the reason for these controls and for account lockouts is because attackers can automate the login process and try an entire dictionary of words in a matter of minutes. People regularly break into systems that do not implement strong password controls.
You'll find that when users have an undestanding as to risks behind insecure passwords they are much more likely to choose truly secure passwords - although there will always be a few who just don't care.
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.