
Purpose of knowledge article

To act as a guide and reminder to use the good password management practices recommended by Lab IT.

Resolution

Here are the dos and don'ts when it comes to good password practices:

Do

  • Do use unique passwords for each account
  • Do use passphrases over passwords
    • A passphrase is a string of words put together (e.g., youturtlepoweronturbo)
    • A password can still be used as long as it has at least 14 characters and includes:
      • Upper & lowercase letters
      • Numbers
      • Symbols
  • Do enable multi-factor authentication
  • Do utilize a reputable password management tool

Berkeley Lab provides 1Password and LastPass password managers.

Do not

  • Do not use personal information, e.g., date of birth, name, city of birth, etc.
  • Do not use favorite things, e.g., flowers, numbers, colors, city, country, etc.
  • Do not use pet names
  • Do not use the same password for different accounts
  • Do not use common phrases
  • Do not repeat words
  • Do not use keyboard patterns
  • Do not reuse an old password
  • Do not share your password

What about a temporary password?

The above dos and don'ts apply to all temporary passwords, including those for Windows and macOS computers.

Temporary does not mean unimportant - even if you plan to change it later, using an easy or compromised password may still give an attacker access.

Weak passwords are among the first guesses attackers try when attempting to access any system.

Passphrases vs Passwords


|            | Passphrases | Passwords |
|------------|-------------|-----------|
| Length     | Usually longer with 15 characters or more | Usually around 8-12 characters |
| Complexity | Traditionally, made with a string of words (four or more words); uppercase, lowercase, numbers, and special characters are not required | Traditionally, made of one to two words; uppercase, lowercase, numbers, and special characters are required |
| Strength   | More resistant to getting hacked due to increased length | Less resistant to hacking |
| Memorizing | Easier to remember | Harder to remember |
| Avoid      | See the Do not section above | See the Do not section above |

Good vs Bad passphrase and password examples

| Good | Bad |
|------|-----|
| Y3ll0wFleWsBubb!3! | yellowtail! |
| SkyGroundBreaksThunder49!! | robertDonald1973! |
| Car5runS!B0atsleeps*@ | alice02291999! |
| KLM!#8739bOicTTX!*&a) | changeme! |
| SkyRunSoslowButflyliketurtle | 123456789 |
| cheetahflybirdswimiruleall | rowrowrowyourboat |
| queenbeeplaycatchwithtigger | qwertyqwertyqwerty |
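
The dos and don'ts above expressed as an automated check, as an added example that is not part of the original article or Lab IT's tooling. The deny-lists and the personal_info and old_passwords parameters are assumptions, and any candidate of 15 or more characters is treated as a passphrase because recognizing words would need a dictionary.

```python
import re

# Assumed deny-lists, constructed for this example (not Lab IT's own lists).
KEYBOARD_PATTERNS = ("qwerty", "asdfgh", "zxcvbn", "123456", "1qaz2wsx")
COMMON_PHRASES = ("changeme", "password", "letmein", "rowyourboat")
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password(candidate, personal_info=(), old_passwords=()):
    """Return the list of rules the candidate breaks; empty means it passes."""
    problems = []
    lowered = candidate.lower()

    # Length and complexity: 15+ characters is accepted as a passphrase with
    # no character-class requirement; a 14-character password needs upper,
    # lower, number and symbol; anything shorter is rejected outright.
    has_all_classes = all(re.search(c, candidate) for c in CHAR_CLASSES)
    if len(candidate) < 14:
        problems.append("too short")
    elif len(candidate) < 15 and not has_all_classes:
        problems.append("14-character password lacks a character class")

    if any(p in lowered for p in KEYBOARD_PATTERNS):
        problems.append("keyboard pattern")
    if any(p in lowered for p in COMMON_PHRASES):
        problems.append("common phrase")
    # Three or more characters immediately repeated, e.g. "rowrow".
    if re.search(r"(.{3,})\1", lowered):
        problems.append("repeated word")
    # Caller supplies the account holder's details (name, birth year, pet).
    if any(len(t) >= 3 and t.lower() in lowered for t in personal_info):
        problems.append("personal information")
    if candidate in old_passwords:
        problems.append("reused old password")
    return problems


if __name__ == "__main__":
    # Sample values follow the Good/Bad table; personal details are constructed.
    owner = ("Robert", "Donald", "1973")
    for pw in ("queenbeeplaycatchwithtigger", "changeme!",
               "rowrowrowyourboat", "robertDonald1973!"):
        print(pw, "->", check_password(pw, personal_info=owner) or "ok")
```

Note that robertDonald1973! satisfies every length and character-class rule and is rejected only because the checker was told the owner's name and birth year, which is why the personal-information rules cannot be enforced by complexity checks alone.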

Additional resources