From CELS IT Wiki
Even when passwords are encrypted, they can be guessed or "cracked", especially when they match a dictionary word or permutation. Here is brief advice for choosing good passwords and avoiding bad passwords.
DOE 205.3 Guidelines
- Eight (8) non-blank characters
- A combination of
  - Letters (preferably a mixture of upper and lowercase)
  - At least one special character in first 7 positions
- First and last characters must be non-numeric
- Must not contain your name or username
Good passwords
- Something easy for you to remember with eight (8) characters
- An acronym derived from the first letter of each word of your favorite quotation
- Avoid simply modified words. If you need a word to remember, misspell it horribly.
Bad passwords
- Any word in a dictionary (or simple permutation)
  - word followed by digits
  - word followed by digits followed by a single letter
  - digits followed by word
  - single letter followed by digits followed by word
- Your name in any form -- first, middle, last, maiden, spelled backwards, nickname or initials.
- Your username, or your username spelled backwards.
- Your phone or office number, address, birthday, or anniversary.
- Your license-plate number, your social-security number, or any all-numeral password.
- Any words or names spelled forwards, backwards, or in a foreign language
- "Hacker" spellings (e.g. 43770 for "hello" or "l33t" for "elite")
- All digits or all the same letter or letter sequences found on keyboards.
- Passwords you have used anywhere else, or your previous two passwords here.
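
The rules above expressed as a password checker, as an added example that is not part of the original wiki page. The small wordlist, the substitution table for "hacker" spellings, the function names, and the reading of "eight characters" as a minimum length are assumptions.

```python
import re

# Constructed sample data; a real check would load a full wordlist.
WORDS = {"password", "dragon", "monkey", "hello", "elite"}
KEYBOARD_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Assumed substitution table for undoing common "hacker" spellings.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "0": "o",
                      "1": "l", "5": "s", "$": "s", "7": "t"})
# word[digits], word+digits+letter, digits+word, letter+digits+word
PATTERNS = [r"([a-z]+)\d*", r"([a-z]+)\d+[a-z]", r"\d+([a-z]+)", r"[a-z]\d+([a-z]+)"]

def is_word_variant(pw, words=WORDS):
    """True if pw is a listed word (forwards or backwards) in one of the 'bad' shapes."""
    low = pw.lower()
    for cand in (low, low.translate(LEET)):
        for pat in PATTERNS:
            m = re.fullmatch(pat, cand)
            if m and (m.group(1) in words or m.group(1)[::-1] in words):
                return True
    return False

def check_password(pw, username, names=(), words=WORDS):
    """Return the list of rules pw breaks; an empty list means it passes."""
    problems, low = [], pw.lower()
    if len(pw) < 8 or any(c.isspace() for c in pw):
        problems.append("needs 8 non-blank characters")
    if not any(c.isalpha() for c in pw):
        problems.append("needs letters")
    if not any(not c.isalnum() and not c.isspace() for c in pw[:7]):
        problems.append("needs a special character in the first 7 positions")
    if pw and (pw[0].isdigit() or pw[-1].isdigit()):
        problems.append("first and last characters must be non-numeric")
    idents = [s.lower() for s in (username, *names) if s]
    if any(s in low or s[::-1] in low for s in idents):
        problems.append("contains name or username")
    if is_word_variant(pw, words):
        problems.append("dictionary word or simple permutation")
    if low and (len(set(low)) == 1 or any(low in r or low[::-1] in r for r in KEYBOARD_RUNS)):
        problems.append("repeated character or keyboard sequence")
    return problems

if __name__ == "__main__":
    for sample in ("Tb!ontbTitq", "dragon12", "p4ssw0rd", "qwertyui"):  # constructed
        print(sample, "->", check_password(sample, "jdoe") or "ok")
```

The check against previously used passwords is left out because it needs stored password history rather than pattern matching.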