How to generate a Strong Password

Overview

Creating and using strong passwords is an important part of your server security.

NOTE:

If your old password was compromised, make sure that your new password is very different from your old one.

Things to include

  1. At least eight characters.
  2. One or more of each of the following:
    • lower-case letter
    • upper-case letter
    • number
    • punctuation mark
  3. Lookalike characters to protect against password glimpses. Examples:
    • O as in Oscar and the number 0.
    • Lower-case l and upper-case I.
    • The letter S and the $ sign.

Things to avoid

  1. Words you can find in the dictionary.
  2. Passwords shown as “example strong passwords.”
  3. Personal information, such as names and birth dates.
  4. Keyboard patterns, like qwerty or 12345. Particularly avoid sequences of numbers in order.
  5. Common acronyms.
  6. All one type of character – such as all numbers, all upper-case letters, all lower-case letters, etc.
  7. Repeating characters, such as mmmm3333.
  8. The same password you use for another application.
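The two lists above can be turned into a checker and a generator. This is an added example, not part of the original article: the function names, the keyboard-row list, the four-character window and the three-in-a-row threshold are assumptions chosen for illustration. Random characters come from Python's `secrets` module, which draws from the operating system's cryptographic random source.

```python
import secrets
import string

# Keyboard rows and ordered runs used to spot "keyboard patterns" (constructed list, an assumption).
PATTERNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "0123456789", string.ascii_lowercase)
LOOKALIKES = set("O0lIS$")  # the lookalike characters the article lists


def violations(pw: str) -> list[str]:
    """Return the article's rules that pw breaks (an empty list means it passes)."""
    found = []
    if len(pw) < 8:
        found.append("fewer than eight characters")
    classes = {
        "lower-case letter": string.ascii_lowercase,
        "upper-case letter": string.ascii_uppercase,
        "number": string.digits,
        "punctuation mark": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in pw):
            found.append(f"no {name}")
    if not LOOKALIKES & set(pw):
        found.append("no lookalike character")
    low = pw.lower()
    # Flag any 4-character window that lies on a keyboard row or ordered run, forwards or backwards.
    for i in range(len(low) - 3):
        win = low[i:i + 4]
        if any(win in p or win in p[::-1] for p in PATTERNS):
            found.append("keyboard pattern or sequence")
            break
    # Three identical characters in a row counts as repeating (threshold is an assumption).
    if any(pw[i] == pw[i + 1] == pw[i + 2] for i in range(len(pw) - 2)):
        found.append("repeating characters")
    return found


def generate(length: int = 16) -> str:
    """Draw random passwords from the OS CSPRNG until one passes every check."""
    if length < 8:
        raise ValueError("the article asks for at least eight characters")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not violations(pw):
            return pw
```

The checker does not cover dictionary words, personal information or password reuse, which need a word list or knowledge of the user.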

Memorable password tips

Passwords that are easy for you to remember are less secure than a completely random password, but following these tips can help you find the right balance between convenience for you and difficulty for hackers.

  1. Create a unique acronym for a sentence or phrase you like.
  2. Include phonetic replacements, such as ‘Luv 2 Laf’ for ‘Love to Laugh.’
  3. Jumble together some pronounceable syllables, such as ‘iv,mockRek9.’

Keep your password secret

  1. Never tell your password to anyone (this includes significant others, roommates, coworkers, etc.). If you need to grant someone access to your server, set up a separate username and password for that person.
  2. Never write your password down, especially not anywhere near your computer.
  3. Do not store your password in a plain text file on your computer.
  4. Never send your password over an unencrypted connection – including unencrypted email.
  5. Periodically test your current password.
  6. Update your password every six months.

Third-party tools

Password generators

Password strength tests

Password storing tools

Change email password without logging in on DirectAdmin

If you would like your POP users to be able to change their own email passwords without having to log in to the control panel, simply give them this link:

http://www.domain.com:2222/CMD_CHANGE_EMAIL_PASSWORD

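Where www.domain.com is either your domain, hostname, or IP address. If DirectAdmin is served over SSL on your server, use https:// in the link so the password is not sent over an unencrypted connection.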

More information on this function and how you can use it via API can be found here.

There is also a DA plugin that gives email users the ability to change their passwords and vacation messages, and shows them their email stats, all in one place:
http://www.directadmin.com/forum/showthread.php?t=22715

Automated vacation message changes by email users can be implemented via API here, or just use the plugin above: http://www.directadmin.com/forum/showthread.php?t=13112

A SquirrelMail plugin has been created which allows interaction with DirectAdmin, showing usage as well as providing the ability to change the password and vacation message:
http://www.directadmin.com/forum/showthread.php?t=31050