'P@s$w0rd' is not a good password!

When told that a password should include upper- and lowercase letters, numbers and symbols, many people use common words, substituting numbers and symbols for letters: the numeral three for e, seven for T, ! for L and so on. That used to be a good technique for foiling password-cracking programs that try every word in the dictionary.

But crackers have caught on and now look for just those modifications to dictionary words. As faculty and staff switch to the new Exchange mail server over the next few months, passwords based on common words with substitutions will be rejected.

Try breaking words up with extra numbers or symbols, or use the initial letters of a phrase. S:p!n@gP!, for example, represents the headline on this box. (But make up your own phrase; computer scientists at Carnegie Mellon University cracked these passwords by comparing them with well-known phrases.) Or, just use the whole phrase. Cornell passwords must be at least eight characters long, but much longer is much better. Some cracking programs work by randomly combining characters. The more characters there are, the more possible combinations.

And when you're done, don't write it on a post-it note and stick it on your monitor. Sheesh!

The 10 Most Common Passwords (Compiled by Lenae Boykin, Texas A&M University): password, 123456, qwerty, abc123, letmein, MonKey, myspace1, password1, Blink182, your first name.
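A check of the kind described above, rejecting passwords built on common words with substitutions, can be sketched as follows. This is an added example, not Cornell's or the Exchange server's actual filter, which the article does not describe. The substitutions beyond the three the article names, the function names and the padded sample passwords are assumptions, and the word list is constructed from the article's list of common passwords.

```python
# Substitutions the article names (3 for e, 7 for t, ! for l) plus other
# common ones added here as assumptions. One symbol may stand for several
# letters, so each maps to a string of possibilities.
LEET = {"3": "e", "7": "t", "!": "li", "1": "li", "@": "a", "4": "a",
        "$": "s", "5": "s", "0": "o"}

# Constructed sample list taken from the article's "most common passwords";
# a real filter would load a full dictionary.
WORDLIST = ["password", "123456", "qwerty", "abc123", "letmein", "monkey",
            "myspace1", "password1", "blink182"]

MIN_LENGTH = 8  # minimum length stated in the article


def reads_as(window, word):
    """True if each character of window is, or can stand in for, the word's."""
    return len(window) == len(word) and all(
        w == c or w in LEET.get(c, "") for c, w in zip(window, word))


def find_dictionary_word(password, wordlist=WORDLIST):
    """Return the listed word the password is built on, or None.

    A match is a word (with substitutions undone) padded only by digits or
    symbols, e.g. 'M0nK3y!!' -> 'monkey'. Comparing position by position
    avoids expanding every possible reading of the password.
    """
    pw = password.lower()
    for word in wordlist:
        for start in range(len(pw) - len(word) + 1):
            end = start + len(word)
            padding = pw[:start] + pw[end:]
            if any(c.isalpha() for c in padding):
                continue  # extra letters around the word: not a plain variant
            if reads_as(pw[start:end], word):
                return word
    return None


def check(password):
    """Return a rejection reason, or None if the password passes both checks."""
    if len(password) < MIN_LENGTH:
        return "too short"
    word = find_dictionary_word(password)
    return f"based on common word '{word}'" if word else None


if __name__ == "__main__":
    for pw in ["P@s$w0rd", "M0nK3y!!", "L37me!n99", "S:p!n@gP!"]:
        print(f"{pw!r}: {check(pw) or 'accepted'}")
```

Passing this check only means the password is not a padded or substituted form of a listed word; it says nothing about well-known phrases, which the article warns about separately.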
