Password Primer
Passwords are the primary defense against unauthorized access 
to networks.One of the key issues is the choice of passwords. 
Here are some of the rules that should be followed when choosing
appropriate passwords.

  
Passwords should not reflect the company name
  
Passwords should not reflect the business of the Company
  
Passwords should not reflect the equipment where they are used
  
Passwords should not be decipherable based on any configuration 
parameter like the model number or network address of the equipment.
  
Passwords should not be any word that appears in a standard 
dictionary.
  
Passwords should be unique
  
Passwords should not be sequential
  
Passwords should include both uppercase and lowercase characters and
non alphanumeric characters if possible.
  
Passwords should be as long as reasonably possible.
  
Any list containing passwords should be closely guarded.

Critical passwords should be changed whenever a person with that level of
access leaves the company- especially if a person is terminated involuntarily.
Non technical managers should not have system passwords
Passwords should not be distributed over the internet.