Choosing and Protecting a Password
This is not a guide to choosing the best password in the world and protecting it like it's your PIN or your life. We realize that if you had to pick unique, extra-long, extra-strong passwords for all the systems you use, change them very regularly, and couldn't write them down, you'd go insane. But that's no excuse for using the name of your dog, 'password', or a string of expletives with a 1 on the end.
If anything in this document is unclear, or it takes you more than a few minutes to read it, digest it, and come up with a good new password, let us know, as it obviously needs to be made simpler.
Most people are aware of the most obvious choices of password (if you are using the names of any of your family, please change your password now!).
However, because of the availability of automated password-cracking programs, you should also avoid the following:
- Any word which appears in a dictionary (including highly technical words from your own discipline.)
- Common first names, your surname, names of pets and literary characters, dates of birth.
- Your editor name or car registration number.
- Passwords of fewer than eight characters (shorter passwords are easier to crack.)
- Any dictionary word slightly modified (e.g. by adding a number to the end, or changing l to 1.)
- Simple sequences such as QWERTY, LETMEIN, the name of your department or group, or an obvious name spelled backwards.
A recommended technique for choosing passwords which are hard to crack but possible to remember is:
- Choose a short sentence or phrase which makes sense to you (but is not a common saying or proverb), use its initial letters and insert a number or punctuation (preferably both) somewhere in the string. Note that you can mix upper and lower case to make any password harder to crack.
- For passwords, DMOZ requires a minimum of eight (8) characters and maximum of 16 characters, at least one (1) letter, and at least one (1) non-letter character (this can be a numeral or any ASCII special character).
If you have an 8-16 character password which contains at least three of the following: upper case, lower case, numbers and special characters, and which doesn't look like a word or your username, you're probably doing well enough. Aim for that.
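The rules above can be checked mechanically. The following Python sketch is an added example, not DMOZ's own code: the function names, the tiny word list and the look-alike substitution table are assumptions made for illustration.

```python
import string

# Constructed sample denylist; a real check would load a full dictionary.
COMMON_WORDS = {"password", "qwerty", "letmein", "dragon", "rover"}
# Assumed look-alike substitutions (the page mentions changing l to 1).
LEET = str.maketrans("10345$@7", "loeassat")


def _core(text):
    """Lower-case, undo look-alike swaps, drop leading/trailing non-letters."""
    # Strip digits/punctuation first so an appended '1' is not read as 'l'.
    stripped = text.strip(string.digits + string.punctuation)
    return stripped.lower().translate(LEET)


def check_password(password, username="", words=COMMON_WORDS):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    # Stated minimum: 8-16 characters, one letter, one non-letter.
    if not 8 <= len(password) <= 16:
        problems.append("length must be 8 to 16 characters")
    if not any(c.isalpha() for c in password):
        problems.append("needs at least one letter")
    if not any(not c.isalpha() for c in password):
        problems.append("needs at least one non-letter")
    # Recommended on the page: at least three of the four character classes.
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("fewer than three character classes")
    # Catches a word with a number on the end, look-alike swaps, or reversal.
    core = _core(password)
    if core in words or core[::-1] in words:
        problems.append("dictionary word, modified or reversed")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems
```

A candidate that meets the length and character-class rules is still rejected here if stripping the decoration leaves a listed word, which is the same weakness automated cracking programs look for.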
- Make every effort never to share your password with anyone. If it's written down, make sure it's not for public consumption on the bathroom wall. Don't save your password on a public computer, or a computer whose administrator you do not trust. Do not tell anyone, including DMOZ metas, administrators, and staff, your password, even if they request it. (Please notify the DMOZ administrative team if anyone does request your password, however convincing their need sounds.)
- Use a different password for each of dmoz.org, ODP::Passport, Resource-Zone, and editor-produced tools. Never supply any of these passwords to a third party or editor-produced tool, however attractive the features of the tool are. (Please notify the DMOZ administrative team of any third party/editor-produced tool that requests these passwords.)
- The DMOZ editor forums use the same password as your editor account, but they synchronize after several hours. If after a few hours you still can't access the fora, let us know.
- Any passwords that you use for DMOZ systems should be different from those you use on all other systems. If you want to use the same password for the dozens of news sites that make you register to read the headlines, please go right ahead, but don't use the same password for DMOZ, as we do have data that should not be shared, and if it gets leaked under your user account, it's your responsibility.
- Never re-use an old password, ever. Never use a password given as an example of a password. Never use an online password generator or pick a password from a list online.
- Avoid emailing passwords, and never store them in your mailbox.
- If in doubt, change your password.