Passwords

Changing your Unix Password

• To change your UNIX password, connect to a machine running Solaris, type “yppasswd” at the command prompt, and follow the interactive instructions.
• Make sure you choose a secure password. You will need two separate passwords, one for your UNIX account and one for your Windows account. Please note that your UNIX password is limited to 8 characters.

Changing your Windows Password

• To change just your Windows password, log into a machine running Windows.
• Navigate to Start -> Windows Security (on the right side of the menu).
  • Note: You can also get to this menu by hitting ctrl+alt+del
• Select the 'Change a password...' option
• Fill out the form - be sure to pick a secure password - and hit enter

Forgetting your Password

Bring a picture ID to Keller Hall 1-213 during our business hours. Our staff members can manually change your password and solve account problems, but we cannot help you without proof of identity.

Do NOT send your password to the operator via e-mail. Messages sent via e-mail are sent in plain readable text, which is easily intercepted by hackers. If you send your password to operator via e-mail, we will close your account until you reset your password. The operator will NOT send you your password via e-mail. System Administrators will NEVER ask for your password, they do not need it to do their job.

Choosing a Good Password

Weak passwords are easily broken by intruders with dictionary-based password cracking programs. This is a problem for system security, and thus is not allowed. Accounts with weak passwords will be closed. More information about user security is available.

How to Choose a Good Password

NOTE: Your UNIX password and your Windows password are not stored in the same place. For your protection, we highly recommend that you do NOT share passwords between your UNIX and Windows accounts. Doing so can jeopardize your account security.

UNIX passwords must be at least 6 characters long. Windows passwords must be at least 8 characters long.

Passwords should contain 3 of the 4 character types:

1. UPPERCASE letters: A-Z
2. lowercase letters: a-z
3. numbers: 0-9
4. symbols: ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

Do not use all letters or all numbers, and do not use a dictionary word in any language or a permutation of such. Dictionaries of all languages are available online, and not all hackers speak English. Also avoid using your name, account name, common names of people or places, technical jargon, repeating sequences and keyboard sequences.

Do not use a well-known phrase to generate a password. This approach may be vulnerable to a dictionary attack using dictionaries compiled from popular media phrases. A paper entitled Human Selection of Mnemonic Phrase-Based Passwords, by C. Kuo, S. Romanosky, and L. Cranor of Carnegie Mellon University’s CUPS Laboratory explores this potential threat.

Examples

Good Passwords (but don't use these, make your own!)

• Mhtiasp!   Based on “My home town is a small place!”
• Mh714sp!   Based on “My home 7own 1s 4 small place!”
• .-Mcismf--.   Based on “.-Morse code is so much fun --.”
• 2Tamlamt   Based on line 2 of Shakespeare’s Sonnet #18 “Thou art more lovely and more temperate”

Bad Passwords

• mypasswo - Obviously plain-text based (“mypassword”)
• kathy5 - Name-based
• ........ - Repeating sequence
• abcabc - Repeating sequence
• dr1v3way - Word-based with common letter/number substitution
• gandalf1 - Based on the name of a character from The Hobbit
• triskeli - Based on a word from Star Trek (“triskelion”)
• ykmfptd! - Based on a quote from the movie Princess Bride: “My name is Inigo Montoya. You killed my father. Prepare to die!”