Strengthening Passwords

Various parts of your account require a password, such as SSH and FTP users, mailboxes, databases, and applications. It’s important to create strong passwords to avoid data loss and to preserve your privacy.

Strong passwords are

  • difficult for others to guess,
  • easy for you to remember, and
  • unique.

A strong password needs to be difficult for others to guess. Attackers use various methods to guess passwords, including widely available lists of commonly used passwords. For that reason, avoid dictionary words or common series of numbers in your passwords.

Similarly, attackers may attempt to use publicly available information about you to guess your passwords. For example, avoid using any form of your birth date in a password, since social media sites often make it easy for others to learn your birth date. Consider what other facts about you may be collected from public sources and avoid using such information in passwords.

A strong password needs to be easy for you to remember. A password written down next to your computer or stored in your email inbox is less secure than one kept secret. If you must record your passwords, use secure password management software, such as KeePass.

Finally, a strong password needs to be unique, so that one compromised password does not cause more than one system to be compromised. Avoid reusing passwords.

Password Requirements

In an effort to improve the strength of passwords, WebFaction imposes some requirements on user account and other passwords. New passwords need to meet the following requirements:

  • The password must not be a dictionary word.
  • The password must not be too simple or systematic. For example, 123456789 or qwertyuiop are unacceptable passwords.
  • The password must not be a previously used password.
  • The password must not be closely similar to a previously used password. Closely similar passwords include those with only minor differences from previous passwords (such as a single character difference) and those which are palindromes, rotations, or case changes of previous passwords.
  • The password must be longer than six characters.

The password may contain any ASCII character, including alphanumeric characters and special characters (like !@#$%).
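
The requirements above can be expressed as a single check. The following is an added example, not WebFaction's own code: the word list and keyboard sequences are small constructed samples, "palindrome" is read as the previous password reversed, "single character difference" is read as one substitution, insertion or deletion, and previous passwords are compared in plain text only to keep the illustration short.

```python
import string

# Constructed sample data (assumptions, not WebFaction's real lists).
DICTIONARY = {"password", "welcome", "dragonfly", "sunshine"}
SEQUENCES = ["0123456789", "1234567890", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def one_edit_apart(a, b):
    """True if a and b differ by one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character, then the tails must match.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def is_systematic(pw):
    """True for a run along a known sequence (either direction) or one repeated char."""
    low = pw.lower()
    if len(set(low)) == 1:
        return True
    return any(low in s or low[::-1] in s for s in SEQUENCES)


def check_password(pw, previous):
    """Return the list of requirements from the page that pw violates."""
    problems = []
    if len(pw) <= 6:
        problems.append("must be longer than six characters")
    if not pw.isascii():
        problems.append("must contain only ASCII characters")
    if pw.lower() in DICTIONARY:
        problems.append("must not be a dictionary word")
    if is_systematic(pw):
        problems.append("too simple or systematic")
    for old in previous:
        if pw == old:
            problems.append("previously used")
        elif (one_edit_apart(pw, old) or pw == old[::-1] or pw.lower() == old.lower()
              or (len(pw) == len(old) and pw in old + old)):
            problems.append("closely similar to a previous password")
    return problems
```

An empty list from check_password means the candidate passed every rule; in a real system the dictionary would be a full word list.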