Password-handling Tips
Password should always be well protected. Some guidelines for password selection are provided below:
DON'Ts
Do not use your login name in any form (as-is, reversed, capitalized, doubled, etc.).
Do not use your first, middle or last name in any form.
Do not use your spouse's or child's name.
Do not use other information easily obtained about you. This includes ID card numbers, license plate numbers, telephone numbers, birth dates, the name of the street you live on, etc.
Do not use a password with the same letter like "aaaaaa".
Do not use consecutive letters or numbers like "abcdefgh" or "23456789".
Do not use adjacent keys on the keyboard like "qwertyui".
Do not use a word that can be found in an English or foreign language dictionary.
Do not use a word in reverse that can be found in an English or foreign language dictionary.
Do not use a well known abbreviation. This includes abbreviation of bureau or department name, project name, etc.
Do not use a password with fewer than six characters.
Do not reuse recently used passwords.
DOs
Use a password with a mix of at least six mixed-case alphabetic characters, numerals and special characters.
Use different passwords for different systems.
Use a password that is difficult to guess but easy for you to remember.
Use a password that you can type quickly, without having to look at the keyboard.
Password handling for end users
DON'Ts
Do not write down your password unless with sufficient protection.
Do not tell or give out your passwords even for a very good reason.
Do not display your password on the monitor.
Do not send your password unencrypted especially via Internet email.
Do not select the "remember your password" feature associated with web sites that contain your personal particulars (e.g. ID card number) and disable this feature in your browser software.
Do not store your password in any media.
DOs
Change your password regularly (e.g. every 90 days).
Change the default or initial password the first time you login.
Change your password immediately if you suspect that it has been compromised.