Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual page 633

• Do Not Use Hacker Terminology — If you think you are elite because you use hacker terminology
— also called l337 (LEET) speak — in your password, think again. Many word lists include LEET
speak.
Some insecure examples include the following:
• H4X0R
• 1337
• Do Not Use Personal Information — Avoid using any personal information in your passwords. If the
attacker knows your identity, the task of deducing your password becomes easier. The following is a
list of the types of information to avoid when creating a password:
• Your name
• The names of pets
• The names of family members
• Any birth dates
• Your phone number or zip code
• Do Not Invert Recognizable Words — Good password checkers always reverse common words, so
inverting a bad password does not make it any more secure.
Some insecure examples include the following:
• R0X4H
• nauj
• 9-DS
• Do Not Write Down Your Password — Never store a password on paper. It is much safer to
memorize it.
• Do Not Use the Same Password For All Machines — It is important to make separate passwords for
each machine. This way if one system is compromised, all of your machines are not immediately at
risk.
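
The checks described above (LEET speak, reversed words, personal information), sketched as an added example that is not part of the original manual. The word list, the substitution table and the function names are constructed for illustration; a real checker loads a large dictionary.

```python
# Constructed sample word list (assumption); stands in for a full dictionary file.
WORDLIST = {"haxor", "leet", "juan", "password", "dragon"}

# Common LEET substitutions mapped back to letters (illustrative, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def variants(password):
    """Return the forms a checker tests: as typed, de-LEETed, and each reversed."""
    lowered = password.lower()
    forms = {lowered, lowered.translate(LEET)}
    forms |= {form[::-1] for form in forms}
    return forms


def weaknesses(password, personal=()):
    """List the reasons a candidate password fails the guidelines above.

    `personal` holds strings tied to the user (names, pet names, birth
    dates, phone numbers); tokens shorter than three characters are ignored.
    """
    findings = []
    forms = variants(password)
    if any(word in form for word in WORDLIST for form in forms):
        findings.append("dictionary word (possibly reversed or in LEET speak)")
    tokens = [tok.lower() for tok in personal if len(tok) >= 3]
    if any(tok in form for tok in tokens for form in forms):
        findings.append("contains personal information")
    return findings


if __name__ == "__main__":
    # The insecure examples from the text, plus constructed candidates.
    for candidate in ("H4X0R", "1337", "R0X4H", "nauj", "Tr7b-Quz!nk2"):
        print(candidate, "->", weaknesses(candidate) or "no finding")
    print("xK9rex2010 ->", weaknesses("xK9rex2010", personal=["Rex"]))
```
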
The following guidelines will help you to create a strong password:
• Make the Password at Least Eight Characters Long — The longer the password, the better. If using
MD5 passwords, it should be 15 characters or longer. With DES passwords, use the maximum
length (eight characters).
• Mix Upper and Lower Case Letters — Red Hat Enterprise Linux is case sensitive, so mix cases to
enhance the strength of the password.
• Mix Letters and Numbers — Adding numbers to passwords, especially when added to the middle
(not just at the beginning or the end), can enhance password strength.