What are the guidelines for creating strong passwords on network devices?
At least 8 characters (ideally 10+), mixing case/numbers/symbols, no dictionary words or personal info, changed often — or use a multi-word passphrase.
A strong password is one that resists guessing — both by humans who know you and by software that automates millions of attempts (brute-force and dictionary attacks). Every guideline below exists to raise the number of guesses an attacker would need, or to shrink the window in which a stolen password is useful:
- Use at least 8 characters (preferably 10 or more) — length adds far more strength than complexity, because each extra character multiplies the search space.
- Mix uppercase, lowercase, numbers, symbols, and spaces so common patterns don't apply.
- Avoid dictionary words, simple sequences, your username, and personal info (birthdates, names) — these are the first things both people and cracking tools try.
- Deliberately misspell words to defeat dictionary attacks (e.g. Security → 5ecur1ty).
- Change passwords often so that even a leaked password stops working quickly.
- Never write passwords somewhere obvious.
Passphrase: a sentence made of several words separated by spaces (e.g. "purple horses eat slowly"). It is long enough to be hard to crack yet easy for a person to remember — often the best of both worlds.
Go deeper:
Password strength — Wikipedia — why length beats complexity (entropy), how dictionary attacks work, and the case for passphrases.