Overview
Creating and using strong passwords is an important part of your server security.
NOTE:
If your old password was compromised, make sure that your new password is very different from your old one.
Plesk requirements
With Plesk 11 or higher, a strong password is required during your initial setup. These passwords are at least 8 characters long. Along with upper and lower-case characters, they require multiple occurrences of digits and special symbols. Such passwords provide strong protection from brute-force attacks.
Things to include
- At least eight characters.
- One or more of each of the following:
  - lower-case letter
  - upper-case letter
  - number
  - punctuation mark
- Lookalike characters to protect against password glimpses. Examples:
  - O as in Oscar and the number 0.
  - Lower-case l and upper-case I.
  - The letter S and the $ sign.
Things to avoid
- Words you can find in the dictionary.
- Passwords shown as "example strong passwords."
- Personal information, such as names and birth dates.
- Keyboard patterns, like qwerty or 12345. Particularly avoid sequences of numbers in order.
- Common acronyms.
- All one type of character - such as all numbers, all upper-case letters, all lower-case letters, etc.
- Repeating characters, such as mmmm3333.
- The same password you use for another application.
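The two lists above can be turned into an automated check. The following Python sketch is an added example, not part of the original article and not Plesk's own validation. The function names, the extra keyboard patterns, and the thresholds (three digits in order, three repeated characters) are assumptions; dictionary and personal-information checks need external word lists and are left out.

```python
import re
import string

# Assumption: the article names only qwerty and 12345; the other rows are added.
KEYBOARD_PATTERNS = ("qwerty", "asdfgh", "zxcvbn")
MIN_LENGTH = 8  # "At least eight characters."


def has_sequence(pw, run=3):
    """True if pw contains `run` digits in ascending or descending order."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if all(c in string.digits for c in chunk):
            steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False


def check_password(pw, other_passwords=()):
    """Return a list of rule violations; an empty list means pw passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    # One or more of each class; this also catches "all one type of character".
    classes = {
        "lower-case letter": string.ascii_lowercase,
        "upper-case letter": string.ascii_uppercase,
        "number": string.digits,
        "punctuation mark": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in pw):
            problems.append("missing " + name)
    if any(p in pw.lower() for p in KEYBOARD_PATTERNS):
        problems.append("keyboard pattern")
    if has_sequence(pw):
        problems.append("sequence of numbers in order")
    # Assumption: three identical characters in a row count as repeating.
    if re.search(r"(.)\1\1", pw):
        problems.append("repeating characters")
    # other_passwords: passwords already in use elsewhere (hypothetical input).
    if pw in other_passwords:
        problems.append("reused from another application")
    return problems
```

Passing the check only means the password avoids the listed mistakes; it does not measure how guessable the password is.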
Memorable password tips
Passwords that are easy for you to remember are less secure than a completely random password, but following these tips can help you find the right balance between convenience for you and difficulty for hackers.
- Create a unique acronym for a sentence or phrase you like.
- Include phonetic replacements, such as 'Luv 2 Laf' for 'Love to Laugh.'
- Jumble together some pronounceable syllables, such as 'iv,mockRek9.'
Keep your password secret
- Never tell your password to anyone (this includes significant others, roommates, coworkers, etc.). If you need to grant someone access to your server, set up a separate username and password for that person.
- Never write your password down, especially not anywhere near your computer.
- Do not store your password in a plain text file on your computer.
- Never send your password over an unencrypted connection - including unencrypted email.
- Periodically test your current password.
- Update your password every six months.
Third-party tools
Password generators
Password strength tests
Password storing tools
CAUTION:
Please investigate any third-party security tools before using them. (mt) Media Temple is not affiliated with the websites and products shown here.