Join TechSoup
The place for nonprofits, charities, and libraries
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antigua and Barbuda
Argentina
Armenia
Aruba
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia
Bosnia and Herzegovina
Botswana
Brazil
British Virgin Islands
Brunei
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Canada
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Congo
Congo DRC
Cook Islands
Costa Rica
Côte d'Ivoire
Croatia
Curaçao
Cyprus
Czech Republic
Denmark
Djibouti
Dominica
Dominican Republic
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Honduras
Hong Kong
Hungary
Iceland
India
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Japan
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea
Kosovo
Kuwait
Kyrgyzstan
Laos
Latvia
Lebanon
Lesotho
Liberia
Libya
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia, FYRO
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia
Moldova
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Norway
Oman
Pakistan
Palau
Palestine, State of
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Réunion
Romania
Russia
Rwanda
Saint Barthélemy
Saint Helena
Saint Kitts and Nevis
Saint Lucia
Saint Martin
Saint Pierre and Miquelon
Saint Vincent and the Grenadines
Samoa
San Marino
Sao Tome and Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Sint Maarten
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
South Sudan
Spain
Sri Lanka
Suriname
Svalbard
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Timor-Leste
Togo
Tokelau
Tonga
Trinidad and Tobago
Tunisia
Turkey
Turkmenistan
Turks and Caicos Islands
Tuvalu
U.S. Virgin Islands
Uganda
Ukraine
United Arab Emirates
United Kingdom
United States
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Wallis and Futuna
Yemen
Zambia
Zimbabwe
Log in
Join
Product Catalog
Software
By Donor or Company
Acclivity
Adobe
Alpha Software
Altum
Amazon Web Services
Atlas Business Solutions
Autodesk
AvePoint
Azavea
BetterWorld Telecom
Bidcoz
Bitdefender
Blackbaud
Bloomerang
Boost
Box
Bytes of Learning
Caravan Studios
CauseVox
Cisco
CitySoft
ClickTime
CogniView
Comodo
Connect2give
Dell
Dharma Merchant Services
DocuSign
DonorPerfect
Efficient Elements
FileMaker
Glassdoor
GoDaddy
GrantStation
Guide by Cell
Headsets.com
Horizon DataSys
HR Solutions Partners
InFocus
Informz
Intuit
JourneyEd.com
Linksys
Litmos
Little Green Light
LogMeIn (Formerly Citrix)
Mailshell
Microsoft
MileIQ
Mobile Beacon
NonProfitEasy
Oracle+NetSuite Social Impact
PayAnywhere
People-OnTheGo
Pitney Bowes
QuestionPro
QuickBooks Made Easy
Reading Eggs
ReadyTalk
Refurbished Computers
Sage
Shopify
SimpleCharityRegistration.com
Skillsoft
SNPO
Sparrow
Symantec
Tableau
TechBridge
Tech Impact
Telosa
Ultralingua
Ushahidi
Veritas
Western Digital
Zoner
By Category
Accounting
Antivirus
Business and Technology Planning
Cloud Computing
Communications
Computers and Electronics
Databases and Analytics
Donor and Grants Management
Fundraising
Green Technology
Human Resources
IT Support and Services
Mobile
Operating Systems
Phone Service
Security
Servers and Networks
Telecommuting
Training and Education
Web and Graphic Design
Website Management
By Organization Type
Advocacy or Public Policy
Animal Welfare
Business or Professional Organizations
Civil Rights Activities
Community Development
Conservation or Environmental Organizations
Counseling or Human Services
Disaster Aid
Employee Membership Benefit Organizations
Farming or Agriculture
Foundations
Fundraising
Hospitals or Health Services
Housing Activities
Legislative or Political Activities
Libraries
Litigation or Legal Aid
Museums or Historical Sites
Mutual Organizations
Neighborhood and Homeowners Associations
Public Safety
Religious Organizations
Schools or Colleges
Scientific Research
Sports, Recreational, or Social Activities
Training or Employment Preparation
United Way or Community Fund
Youth Activities
Nonprofit Favorites
Hardware
Hardware Center
Networking Equipment
Refurbished Computers
Browse Full Catalog
Learn More
Check Your Eligibility
Why Join TechSoup?
Services
Boost
Cloud Help
IT Assist
Community
Community Home
Events
Forums
Success Stories
Resources
Articles and How-Tos
Blog
Storymakers
Webinars
Support
Support Home
Microsoft Download Help
Product Donation FAQ
Using Your Donation
Validation Tokens
Contact Us
Search section
Search
Searched content
Search
Home
»
Community
»
Security
»
Password Selection Tips?
Password Selection Tips?
New here?
If you'd like to participate,
join us
.
If you're already a member,
log in
.
Search for a specific post?
javascript disabled
Subscribe to RSS
Close this window
Search Blogs and Forums for a Post
*Please enter a search term.
Search In:
Forums and Blog
Blog
Forums
All Forums
Databases and Software
Design and Web Building
Digital Engagement
Digital Storytelling
Events, Classes, Workshops, and Training
Hardware, Networks, and Telecommunications
Introduce Yourself
Mobile and Wireless
Public Computing, ICT4D, and Tech4Good
Security
Tech Careers at Nonprofits and Libraries
Tech Planning and Policies
TechSoup Program Help
TechSoup Site Improvements
TechSoup Town Hall
TechSoup Technology Wish List
Date range:
All Time
Last Year
Last 6 Months
Last 3 Months
Last Month
Last Week
Last Two Days
Search
New Post
Details
Rate This
6
Replies
0
Subscribers
Posted
over 10 years ago
Featured Topics
Forums
Blog
Recent Activity
Password Selection Tips?
Posted by
wcook
on
1 May 2007 4:22 PM
How has your nonprofit dealt with passwords? Do you have a formal, organization-wide policy?
Share your tips for selecting secure passwords here.
senior editor, TechSoup
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
kjstrat
on
3 May 2007 4:01 AM
I like passphrases. Creating a passphrase is as simple as remembering a saying, for instance, "an apple a day keeps the doctor away" and using a letter from each word. So if I used the first letter of each word in the preceding passphrase, my password would be "aaadktda". Not the best password in the world, but certainly more complex than most.
To make a more secure password, include non-standard characters like $, %, or &. And longer passwords are more secure. Fourteen, fifteen characters or more are ideal.
I've been using passwords for 10 years now (remember the ol' days when we only needed one 4-digit pin?) and I classify them now. I have one I freely use for non-critical uses, such as this forum. That particular password I have no qualms about sharing with someone else There's others I've garnered thru the years, whether from ISP's to work to passphrases. My most secure passwords are combinations I've daisy-chained together for 15 character or more.
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
donc
on
3 May 2007 1:28 PM
Our password policy is -
Minimum 8 characters, renewed every 40 days, must contain 2 of either: upercase, numeric, or special character - i.e.
M@dh@ter!
Ch33se&3gg
Num3r!c@1
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
mirrorshades
on
7 May 2007 12:40 PM
Share your tips for selecting secure passwords here.
For any passwords of significance, I tend to use the Keepass application's password generation utility. It allows you to specify the password length and which characters to include, then prompts you for some "random" input (mouse or keyboard) to generate the password.
Keepass is also a handy-dandy utility to keep track of all those 100-character passwords, too. :cwm11;
Info on program:
http://keepass.info/
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
valleynet
on
8 May 2007 4:57 PM
Another nice little open source utility for generating random passwords and storing them is Password Safe available from http://passwordsafe.sourceforge.net/
The program and the database are small enough to store on a USB thumb drive and since the "safe" needs a combination (password) and the database is encrypted, no danger if it's lost. With Password Safe you only need one strong password which you can generate with the program to access all your user names and passwords. I'm a sysadmin with dozens of passwords to remember and I couldn't live without it.
Rick Goodwin
System Administrator
ValleyNet
www.valley.net
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
knyhus
on
12 May 2007 2:19 PM
I'd add this after the 'not sure what word to use?' section:
If you keep many highly-sensitive logins, it may not be possible to remember them all without writing them down, let alone changing them periodically. How do you ‘write down’ a password without really writing it down? Answer:
use a code.
For example, you might use the 'famous quote' method to generate a good, secure password. In this case, if you used "four score and seven years ago," the code to that generated password might be ‘lincoln.’ You would write down ‘lincoln’ as the password for that account, and this serves as a personalized reminder of which generator phrase you used. Then you remember how you did it, and recreate the '4sa7yaof' password. When I code my passwords this way, I also code the email address associated with them: I have nicknames for my email accounts which mean something only to me, and they don't contain the '@' symbol. Sometimes I even encode the names of the service or website to which the password applies! This way, I am able to keep a list of dozens of passwords in my smartphone, but anyone who found it would have no luck deciphering the passwords (the file I keep them in isn't even called 'passwords!'). Use this method only if you’re good at creating and remembering codes (try it out on a few passwords to find out).
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
rksethi
on
15 Jul 2007 6:59 PM
I think these are all great password suggestions. One suggestion I'd like to make from extensive information security training experience is that you should let users know
why
you are implementing password controls.
Often times people will try do the bare minimum and end up with passwords that are very breakable to a dedicated attacker (e.g. password123 or [insert sport team name/child's name here]2007 ).
Let users know that the reason for these controls and for account lockouts is because attackers can automate the login process and try an entire dictionary of words in a matter of minutes. People regularly break into systems that do not implement strong password controls.
You'll find that when users have an undestanding as to risks behind insecure passwords they are much more likely to choose truly secure passwords - although there will always be a few who just don't care.
Log In to Reply
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
