Definition
A strong password is typically one that:
- Is long (for example, at least 8 characters)
- Is complex (for example, contains upper, lower and numeric characters)
- Does not contain sequences or repeated characters
- Is not easily guessable. Guessable passwords include:
  - A password that is the same as the account name or extension number (or either reversed)
  - Dictionary words
  - Dictionary words with number substitution
  - Backwards words
  - Personal or corporate information
  - Date of birth
  - Default passwords
A strong PIN/Login Code is typically one that:
- Is long. A 13-digit PIN is similar in strength to an 8-character case-sensitive password
- Does not contain sequences or repeated digits
- Does not contain keypad sequences (for example 2580)
- Is not easily guessable. Guessable PINs include:
  - A PIN that is the same as the extension number (or the extension number reversed)
  - Dates, which are prevalent when a 4, 6 or 8 digit minimum length is enforced
  - Default login codes
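The PIN criteria above can be checked mechanically when a login code is set. The following is an added example, not code from this product or its documentation; the run length of 3, the minimum length of 6, the date ranges and the default-code list are assumptions chosen for illustration.

```python
import re

RUN = 3  # assumption: 3+ digits in a row count as a sequence or a repeat
KEYPAD_LINES = ("147", "258", "580", "369", "159", "357")  # keypad columns, diagonals
DEFAULT_CODES = {"0000", "1234"}  # constructed placeholders, not real product defaults

def _has_run(pin):
    """True if any RUN consecutive digits step by +1 or by -1 (e.g. 456, 987)."""
    for i in range(len(pin) - RUN + 1):
        w = pin[i:i + RUN]
        steps = {int(b) - int(a) for a, b in zip(w, w[1:])}
        if steps in ({1}, {-1}):
            return True
    return False

def _day_month(a, b):
    """True if the two values can be read as day and month, in either order."""
    return (1 <= a <= 31 and 1 <= b <= 12) or (1 <= a <= 12 and 1 <= b <= 31)

def _is_date(pin):
    """Date shapes at the lengths the page names: 4, 6 or 8 digits."""
    p = [int(pin[i:i + 2]) for i in range(0, len(pin) - 1, 2)]
    if len(pin) == 4:   # DDMM, MMDD or a plausible year (assumed 1900-2099)
        return _day_month(p[0], p[1]) or 1900 <= int(pin) <= 2099
    if len(pin) == 6:   # DDMMYY, MMDDYY or YYMMDD
        return _day_month(p[0], p[1]) or _day_month(p[1], p[2])
    if len(pin) == 8:   # DDMMYYYY, MMDDYYYY or YYYYMMDD
        return ((_day_month(p[0], p[1]) and 19 <= p[2] <= 20)
                or (19 <= p[0] <= 20 and _day_month(p[2], p[3])))
    return False

def pin_weaknesses(pin, extension, min_length=6):
    """Return the listed criteria the PIN fails; an empty list means none matched."""
    if not pin.isdigit():
        raise ValueError("PIN must contain digits only")
    checks = [
        (len(pin) < min_length, "short"),
        (_has_run(pin), "sequence"),
        (re.search(r"(\d)\1{%d}" % (RUN - 1), pin) is not None, "repeated digits"),
        (any(k in pin or k[::-1] in pin for k in KEYPAD_LINES), "keypad sequence"),
        (pin in (extension, extension[::-1]), "extension number"),
        (_is_date(pin), "date"),
        (pin in DEFAULT_CODES, "default code"),
    ]
    return [label for failed, label in checks if failed]
```

An empty result only means that none of these listed patterns matched; it does not measure how guessable the PIN is in other ways.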
Password and PIN strength and management are not covered in detail here, but many publications exist, including:
- NIST Special Publication (SP) 800-118, Guide to Enterprise Password Management (Draft):
  http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf
- Centre for the Protection of National Infrastructure (CPNI), PROTECTING SYSTEMS AND DATA, PASSWORD ADVICE:
  http://www.cpni.gov.uk/documents/publications/2012/2012029-password_advice.pdf
- US-CERT Security Tip (ST04-002), Choosing and Protecting Passwords:
  https://www.us-cert.gov/ncas/tips/ST04-002