Change the default or initial password the first time you login.
Log off when finished using terminals or PCs in public areas.
Beware of shoulder surfing.
Don’t use dictionary words and personal related information as login name or password.
Don’t place your password conspicuously.
Don’t tell your passwords to other people.
Don’t store your password on any media unless it’s protected from unauthorized access.
Don’t use the same password for everything
e.g. Don’t use the password of any CUHK application for any personal account, or vice versa.
Don’t reuse recently used password.
Avoid using the “remember your password” feature.
Guidelines for setting a Strong Password
Password minimum length
Set your passwords with at least 10 characters composed of random letters, digits and special characters (e.g. #, $, % and spaces) and;
Composition
A good rule of thumb is never use dictionary words and personal related information such as name, the NetID, birthday date, telephone number, HKID and user ID, etc.
Reuse of passwords
Use different sets of passwords in different systems for examples mix upper and lower case letters; mix letters and numbers; include non-alphanumeric characters and;
Password aging
You should change your password regularly such as in every 180 days.
Examples
Examples of strong passwords:
A combination of several words that aren’t themselves a word interspersed with special characters (e.g., !4scOrE&sDayNYeaRs_ag0)
A word with digits of a memorable date sprinkled inside it (e.g., vacation -> 0vac2a0t9io19ln99)
Examples of weak passwords:
Use of repeated numbers, characters or sequences such as 1234567890, bbbbbbbbbb, or 3333333333
Use of words in dictionary such as the word “password”
Use of personal related information HKID such as “Y6754815”
Examples of how to set up a strong password:
Use a memorable word – it can even be a dictionary word or name but move the hands up a row from the home row on the keyboard when typing it. This way, “GoFishing” would become “T9R8wy8ht”. This technique would be most usable by touch-typists.
Create a passphrase and use the first letter of each word. The phrase “Now is the time for all good persons …”would yield the password “NittfaGp”. Since our rules required still more complexity, I suggested putting a punctuation character in front – “!” for example, to make it “!Nittfagp”.
Transform words using by substituting characters for letters – @ or ^ for “a”, $ for “s”, 3 for “e”. The word “Geekspeak” might become “G33k$p3^k.”
Do the unexpected with characters and numbers and put them at the beginning or middle of a password instead of the end. LC3 can vary 1-3 appended characters as part of a hybrid attack. LC4 added the ability to work with prepended characters but the cracking process is much, much slower.
Fact
The purpose to set a strong password is to minimize the potential risk of unauthorized access to important data and use of computing resources. The table below can give you some idea of how long it takes to crack different passwords. From there, you can see that it takes 44.8 years to crack a 10-characters password in pure lower case letters and it takes 45.8 millennia to crack a 10-characters password in mixed characters. You can see the importance of setting a strong password:
Total Number of Characters from Which Password is Selected
This website uses Cookies, including Cookies from Google Analytics, to ensure you get the best browsing experience. If you “Continue” to use this site, you consent to the use of Cookies. Read more about Cookies
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.