Choosing a Password

Choosing a good, secure password is important, for your personal account on the CS server or a team account. Indeed, for any account. There are few things for which you want to prove your identity (authentication) and be granted permission (authorization) where you won't care whether someone else can hack in and become you.

Furthermore, attackers can use your account to attack other users on the system, the system itself, and other computers on our network. In that way, your password protects others as well as yourself. Think of how losing your OneCard might allow bad people to swipe into res halls and make your classmates more vulnerable.

Use a Password Manager

One of the best things you can do is to have and use a password manager. There are some good articles from CNet about password managers, including recommendations:

best password managers for 2020
obsolete password rules
managers great until you lose access, for balance and full disclosure, it's good to read this.

Many of the CS Faculty use password managers. The beauty of a password manager is that you can have a different, unique, very strong password for every account you have, and it does all the remembering for you.

Password Strategy

Supppose you decide to skip a password manager, at least for your account on the CS server. If so, you must choose a strong password that you can remember or write down. Please consider the strategy depicted by the XKCD cartoon below, namely to

choose 4 random words.

You can generate random words with website like https://randomwordgenerator.com/. I use that site all the time, because four random words are secure, easy to type and relatively easy to remember.

Here's the famous XKCD cartoon that explains and justifies this strategy:

password strength — Many old-fashioned strategies are both weak and hard to remember. Random words can be strong and memorable.

SSH Keys

Even better is to generate and use SSH Keys. They won't work in all contexts, but they work for logins and they are very secure. In fact, GitHub has given up on passwords entirely in favor of, among other things, SSH Keys. See GitHub kisses Passwords Goodbye.

Contact cs-sysadmin if you'd like to pursue this option.