Skip to site navigation

Why does the system refuse to accept my new password choice?

Choosing a password that can't easily be cracked is getting harder! Computer hackers use a freely available password cracking program to attempt to break into computer systems, and new versions of this program are constantly being developed. IS has no choice but to suspend accounts that have passwords that can easily be cracked by this program - in this way we hope to protect accounts that are vulnerable and prevent them from being misused.

When you choose a password, you should aim to come up with something that is easy for you to remember but hard for others to guess. Many people think that a pet's name or a car registration number is proof against attack - but they either forget how easy it is to come by this information, or are unaware of the ready availability of computerised 'cracking' tools that will try out every word in a dictionary - often including foreign languages - in a few seconds.

To make a hacker's job more difficult, our systems will reject passwords based on dictionary words, names, and such like, or simply variations thereof. Plonking a digit on the end, or typing your name backwards, really doesn't give any additional security: a cracking program will try out more possibilities of this sort than you're likely to dream up - in a fraction of a second.

Our systems will also insist that you include non-alphabetic characters in your password - digits, punctuation, and so on. Again, this is intended to make automated attacks more difficult, by expanding the number of possibilities and cutting down on the chance that recognisable words will get through.

Finally, your password will need to be at least eight characters long, and must not be one you have used before. Even an ordinary desktop computer can try out every possible password of fewer than six characters in a couple of hours. The longer your password, the more work an attacker has to do to eliminate all the possibilities.

Meeting all these criteria doesn't necessarily mean your password is good: some poor choices may still get through. For guidance on how to choose a strong password, see the next question.