IdentiKey passwords must meet the following requirements:
First, it's good to remember that despite the term, there is no need for passwords to be actual words. Indeed, passwords that are not actual words are harder to guess (an extremely desirable property). One of the best ways to keep your computer and your private information protected is to have a strong password.
People rightly complain that it can be hard to remember a strong password. One common mnemonic device for simple recollection consists of an easily remembered word, phrase, or rhyme whose initials or other characteristics are associated with the list items. A way of remembering biological groupings in taxonomy is the phrase "Kings Play Chess Often For Great Sport." The letters stand for Kingdom, Phylum, Class, Order, Family, Genus, and Species. The idea lends itself well to memorizing hard-to-break passwords as well.
Personal mnemonics, or things that are memorable to you but not to others, are commonly recommended. For example, the password Iw21wIfvP, a difficult-to-remember string of letters and numbers, derives from "I was 21 when I first visited Paris" and is probably easily remembered by its creator. However, if your first experience in Paris is important to you, it may be possible to guess this password from general knowledge of you, and this would not be a sensible password choice.
Computer users are generally advised never to write a password down anywhere, no matter what, and never to use a password for more than one account. This advice has the unintended consequence that many computer users select weak passwords, even for important accounts, and they end up using the same password everywhere.
Rather, use strong, unique passwords for each online service you use and store them in a reputable password manager like:
If you absolutely need to write down a password, never store it in obvious places, such as address books, Rolodex files, under drawers or keyboards, or behind pictures. The worst, but all too common, location is a Post-it note near the computer. Better locations are a safety deposit box or a locked file cabinet. Software is available for popular hand-held computers that can store passwords for numerous accounts in encrypted form.
Another approach is to use a few passwords. For example, choose a simple password for low-security accounts, such as newsletters or web registrations, then select separate, strong passwords for your IdentiKey and financial accounts.
Public computers may not always be securely configured and can pose a threat to your privacy by storing your password or web cookies. Think twice about going to a secure site if you cannot verify the security of the computer. When you log out of a computer in an OIT lab or OIT "scarpie" kiosk, your privacy is protected.
Don't forget that getting passwords by manipulation of users is an example of social engineering. An attacker might telephone a user and say, "Hi. OIT here. We're doing a security test. Can we have your password so we can proceed?" Know that OIT (and virtually every reputable company you do business with) will not ask for your password, and rarely, if ever, need to know your password in order to perform the work.