One of the easiest and most effective ways to improve security is by using more secure passwords.

SNS user passwords must be 8 characters long and contain characters from three of the following four categories:
an upper-case character
a lower-case character
a numerical digit (0-9)
a nonalphanumeric character (for example, !,\$#,%)

Even if it satisfies the above criteria though, a password you choose won't necessarily be secure. For example, cat2dog* is a terrible password choice. The reason why, and advice on how to choose a good password, is described below.

• Make passwords hard to guess.

Hackers have access to very powerful password-cracking tools incorporating extensive word and name dictionaries. Thus passwords should never be dictionary words or names, even foreign language ones. The cracking tools will also perform many algorithms such as words spelled backwards, substitution of certain letters for numbers (e becomes 5, adding capital letters at different positions in the word string etc. Almost all the substitutions you can think of have probably already been coded into an algorithm.

More secure passwords are those which are based on pass phrases and/or non-dictionary words (including "nonsense" words), combined with obscure character substitutions. These can be extremely difficult to either guess or crack. The most effective method of choosing a password that is well chosen and easy to remember is to think of a simple phrase and use the first letter of each word in combination with numbers or punctuation.

Example: "I need to drink coffee in the morning" could be used as a mnemonic for:

	In2dcitm


This password satisifies all the criteria above, and could also be considered secure.

• Don't share passwords with others.

Your password authenticates the your identity as the authorized user. You may be held responsible for misuse of the account if the password is shared.

• Use different passwords for different accounts.

Using a single password is the equivalent of using a single key for your car, house, mail box, and safety deposit box -- if you lose the key, you give away access to everything. If your password is compromised on one system, using different passwords on different systems will help prevent intruders from gaining access to your accounts and data on other systems. For example, if you have an account at another institution, you should use a different password for that account than you use for your SNS account. That way, if the password on one account is accidently revealed, the other account is still protected.

The passwords need to maintain the rules for "goodness" as well as not be trivially derivable if one passwordis known. While using multiple passwords increases the difficulty of managing passwords, it results in significant increases in security.