In Partnership with AOL Search

DMOZ: Open Directory Project

Choosing and Protecting a Password

This is not a guide to choosing the best password in the world, and protecting it like it's your PIN number or your life. We realise that if you had to pick unique, extra-long, extra-strong passwords, for all the systems you use, and change them very regularly, and couldn't write them down... that you'd go insane. But, that's no excuse for using the name of your dog, 'password', or a string of expletives with a 1 on the end.

If anything in this document is unclear, or it takes you more than a few minutes to read it, digest it, and come up with a good new password, let rpfuller know, as it obviously needs to be made more simple.

What you Should Not be Doing

Most people are aware of the most obvious choices of password (if you are using the names of any of your family, please change your password now!)

However, because of the availability of automated password-cracking programs, you should also avoid the following:

What you Should be Doing

A recommended technique for choosing passwords which are hard to crack but possible to remember is:

Important

  1. If you have an 8-16 character password, which contains at least any three of upper case, lower case, numbers and special characters, and which doesn't look like a word or your username, you're probably doing well enough. Aim for that.
  2. Make every effort never to share your password with anyone. If it's written down, make sure it's not for public consumption on the bathroom wall. Don't save your password on a public computer, or a computer whose administrator you do not trust. Do not tell anyone, including ODP metas, administrators, and staff, your password, even if they request it. (Please notify the ODP administrative team if anyone does request your password, however convincing their need sounds.)
  3. Use a different password for each of dmoz.org, ODP::Passport, Resource Zone, and your shell account on research.dmoz.org. Never supply any of these passwords to a third party or editor-produced tool, however attractive the features of the tool are. (Please notify the ODP administrative team of any third party/editor-produced tool that requests these passwords.)
  4. Any passwords that you use for ODP systems should be different to all other systems. If you want to use the same password for the dozens of news sites that make you register to read the headlines, please go right ahead, but don't use the same password for the ODP, as we do have data that should not be shared, and if it gets leaked under your user account, it's your responsibility.
  5. Never re-use an old password, ever. Never use a password given as an example of a good password. (Nor one given as an example of a bad password. :-P) Never use an online password generator or pick a password from a list online.