Edmund A. Hajim  School of Engineering and Applied Sciences

Passwords on HSEAS UNIX/Windows Systems

Your password's quality (or lack thereof) has a non-trivial effect on overall system and network security. Because of that, we require that you use a good password. Here are some general guidelines on selecting and managing a password on our UNIX systems.

Selecting a good password.
* Your password should be easy to remember, but hard to guess.

* Your password should have 6 to 8 characters; fewer is not sufficiently secure. Characters beyond the eighth character are ignored.

* Your password should consist of upper and lower case characters, and should contain some special characters (e.g., &, $, _, !, and so on), and some digits/numerals.

Cautions

* Absolutely never, ever, share your password with anyone - Not a friend, not even a family member. Not with other members of your lab group

* Never use a word that might appear in a dictionary (in any language).

* Never use a date (e.g., your birthday)

* Never use a slightly changed version of your previous password.

* Never use a password you use on systems outside the School of Engineering.

* Never use an HSEAS system password for accounts on remote hosts (e.g., at other universities, Kodak, AOL, or your Internet Service Provider (ISP)).

* never use a name (yours, the system's name, a family member or friend), your license number, phone number, etc., i.e., nothing personal.

* never write down your password. Never send email containing your password.

* do not rely on simple substitutions (e.g., substituting '$' for 's', ("$ecret" instead of "secret") or '2morrow' for 'tomorrow') to make a bad password good.

Examples of Good Passwords (Do not use these examples!)

G8flD3ad (mnemonic: "Grateful Dead")

aSchSvs9 (mnemonic: "a stitch in time saves nine")

Examples of BAD passwords (certainly do not use any of these!)

8-23-47 (reason: a date string, e.g., a birthday; also, no upper/lower case)

8/23/47 (reason: a date string again)

470823 (reason: yet another date string format)

Jul-23-47 (reason: again, a date)

password (reason: in dictionary, a commonly used stupid password)

secret (reason: in dictionary, another commonly used stupid password)

secret1 (reason: suffixing a bad password with a digit does not make it a good password)

ciaobella (reason: in a (non-English) dictionary)

x (reason: a single character, too short)

1Johnson (reason: name - the prefix '1' doesn't really help)

Also, using your UR ID number or Social Security Number for a normal password is a very bad idea. Those numbers are too easily available. You will need to select a password, but do not tell the system admin helping you what this word is. You will never be required to give your password to any admin. If someone tells you they are an admin, and asks for your password, refuse, and contact one of the admins you know.

Please do not change your password back to an old, insecure password, even temporarily!

The UNIX command to change your password is passwd . You can find out more about this command by looking at the UNIX manual pages by entering the command: man passwd at the UNIX shell prompt on any of our UNIX systems.

Last modifed: Thursday, 07-Apr-2011 08:58:00 EDT