Password best practices for users

Use the following best practices to create strong passwords for your users that protect your Splunk Enterprise deployment.

Tips for creating strong passwords

  • Create unique passwords with a combination of words, numbers, symbols, and both lowercase and capitalized letters.
  • Consider groups of words that form a phrase or sentence, such as the opening sentence of your favorite novel or the opening line to a good joke. The ideal password could be an obscure, random phrase that is easy for you to remember, but impossible for an automated system to guess.
  • Make your password as long as your system lets you. It is increasingly easy to build password-cracking tools that can try hundreds of billions of possible password combinations per second. Each character you add to a password or passphrase increases resistance to brute-force methods.

Avoid the following insecure practices

  • Do not choose passwords based on personal information, such as your birth date, your Social Security or phone number, or the names of family members.
  • Do not use a word from the dictionary. Password-cracking tools that are freely available online often come with dictionary lists, and they will try thousands of common names and passwords. Try using multiple words, adding a numeral to the words, or adding punctuation at the beginning or end of the word, or both.
  • Never use the same password for different websites.
  • Never use the password you've picked for your email account at any online website.
  • Do not store your list of passwords on your computer in plain text, or even on a piece of paper.
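
The checks described in the two lists above can be automated when you review candidate passwords. The following is an added example, not Splunk code: it reports which of this page's rules a password breaks and how long a blind exhaustive search would take. The guess rate, the sample wordlist, the function names, and the sample passwords are all assumptions made for illustration, and only ASCII characters are counted.

```python
import string

# Assumed rate, in the range of the page's "hundreds of billions ... per second".
GUESSES_PER_SECOND = 200_000_000_000
# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "sunshine", "admin"}
SYMBOLS = string.punctuation + " "

# Character classes named in the tips, with the pool size each one contributes.
CLASSES = {
    "lowercase letter": (string.ascii_lowercase, 26),
    "capital letter": (string.ascii_uppercase, 26),
    "number": (string.digits, 10),
    "symbol": (SYMBOLS, len(SYMBOLS)),
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, (chars, _) in CLASSES.items()
            if any(c in chars for c in password)]

def alphabet_size(password):
    """Size of the character pool an exhaustive search would have to cover."""
    return sum(CLASSES[name][1] for name in classes_used(password))

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Whole seconds to try every string of this length over that pool."""
    return alphabet_size(password) ** len(password) // rate

def audit(password, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of this page's rules that the password breaks."""
    findings = []
    missing = [n for n in CLASSES if n not in classes_used(password)]
    if missing:
        findings.append("missing: " + ", ".join(missing))
    if password.lower() in dictionary:
        findings.append("is a dictionary word")
    if any(p and p.lower() in password.lower() for p in personal_info):
        findings.append("contains personal information")
    return findings

if __name__ == "__main__":
    # Constructed sample passwords and personal details.
    for pw in ("dragon", "Maria1990!", "Seven purple otters juggle 42 lanterns!"):
        print(pw, audit(pw, personal_info=["Maria", "1990"]),
              worst_case_seconds(pw), "seconds")
```

The time returned is an upper bound that applies only to a blind search of every combination; a password that fails the dictionary or personal-information check will be found far sooner than that figure suggests.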