A secure password that will be accepted by the ACMS "gpasswd" change tool must
meet ALL of the following five criteria:
<ol><li>Passwords must be 7 or 8 characters long,
</li><li>contain characters from at least three of the following four groups:
<ul><li>lower case letters</li>
<li>upper case letters</li>
<li>numbers</li>
<li>non-alphanumeric characters (punctuation)</li></ul>
</li><li>NOT be a dictionary word or proper name,
</li><li>NOT contain : (colon),
</li><li>NOT contain any part of your name.
</li></ol>
A handy way to make a difficult-to-guess password is to crush two
common words together to make an uncommon or nonexistent word that you
can easily remember:
Hen>>ry BaD-Dog dRK)Lite
gr8.Days For,3Two bEer=kEg
tWi*gamE Hot|Watr wAlk>n2u
Make up your own password; undoubtedly someone will be trying
all of these just to see who they can get....
Passwords for new accounts (entered via ACSREG, addlogin, or
on account slips) cannot contain any of the following six characters:
$ ' ! : " and SPACE [Sorry, these won't work for new accounts.]
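The five gpasswd criteria and the new-account character restriction above, written as a checker. This is an added example, not ACMS's gpasswd code; the function names, the constructed word list, and the reading of "any part of your name" as any name token of three or more letters are assumptions.

```python
import string

# Characters the page says new-account passwords cannot contain ($ ' ! : " SPACE).
NEW_ACCOUNT_FORBIDDEN = set("$'!:\" ")

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"research", "payroll", "spaniel", "accounting", "henry", "mutt"}


def char_groups(password):
    """Return which of the four character groups appear in the password."""
    groups = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            groups.add("lower")
        elif ch in string.ascii_uppercase:
            groups.add("upper")
        elif ch in string.digits:
            groups.add("digit")
        elif ch in string.punctuation:
            groups.add("punct")
    return groups


def check_password(password, full_name, words=SAMPLE_WORDS, new_account=False):
    """Return the list of violated rules; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) not in (7, 8):
        problems.append("length must be 7 or 8")
    if len(char_groups(password)) < 3:
        problems.append("needs characters from at least three of four groups")
    if lowered in words:
        problems.append("dictionary word or proper name")
    if ":" in password:
        problems.append("contains a colon")
    # Assumption: "any part of your name" means any name token of 3+ letters,
    # matched case-insensitively anywhere in the password.
    for part in full_name.lower().split():
        if len(part) >= 3 and part in lowered:
            problems.append("contains part of your name")
            break
    if new_account and NEW_ACCOUNT_FORBIDDEN & set(password):
        problems.append("character not allowed for new accounts")
    return problems


if __name__ == "__main__":
    for pw in ("BaD-Dog", "research", "Pat1-Dog"):  # constructed test inputs
        print(pw, check_password(pw, "Pat Example"))
```
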
On the recharge Unix system, sdcc12, use the passwd command to
change your password.
<h2>Using passwd on SDCC12</h2>
To use the passwd command on SDCC12 you need to open a terminal
window connected to your sdcc12 account - using ssh, for example.
In this terminal window, at the command line prompt type the command
passwd. You will be asked to enter your current password once,
then your new password twice. Passwords are NOT displayed as you
type them.
The term "network password" refers to passwords in the UCSD Electronic
Mail Registration database maintained by ACT (formerly Network Operations). You use
this password to update your information in the database (e.g. to
change the destination to which your username@ucsd.edu address directs
your e-mail) and to dial-in to the campus modem pool, if you have a
dial-in account.
The simplest way to change your network password is with the ACMS
command "gpasswd". The gpasswd command allows you to globally
change your password on all ACMS systems supporting your account
(this includes the Network system, ucsd). However, gpasswd does
not allow you to change only your network password.
To change your network password and only your network password,
do the following:
telnet noc.ucsd.edu
login: register
password: register
Hit <return> at the "(vt100)" prompt. Pick the option that says
"Change Network Password" (option 4). Follow the directions from there.
Read the above section on good passwords for help on choosing a
password.
Improve Your Password Security to Avoid Break-ins!
Brian Kantor
Academic Network Operations
Academic Computing, Vol. 2, no. 8
July-August 1988
Revised by ACMS Staff, June 1999
Data security is a significant concern of most computer users
today. The first line of defense against "crackers" accessing your
computer account should be choosing a good password, since it is
by guessing or learning passwords that many of the
widely-publicized system penetrations have been accomplished.
First, let me explain why some common choices of passwords are bad.
Your name (or first name, or last name) is easy to guess. It is
particularly bad if that is also your computer login, yet some
significant fraction of computer accounts here at UCSD actually do
have the same password as the account name itself. Using reversed
spelling is not much help.
Many Passwords Are Easily Defeated
----------------------------------
A simple English word is easy to test. Many computer systems have
an online spelling dictionary, and it is not much work for villains
to write a simple program that tries every word in the dictionary
against every login password.
Your job title or department name is a bad password. It is
surprising how many people choose accounting or payroll as
passwords in commercial settings; at UCSD a password such as
research would be poor. These are easily penetrated.
Any word associated with a personal characteristic is easy for the
cracker to guess. For example, if you are known as a dog-lover,
passwords such as spaniel or mutt are less secure. Your auto
license, telephone, and social security number are not good bets
either.
A password made up of a random sequence of numbers and/or letters
is bad because most people would have to write it down. A password
that is written down is prone to interception; putting a password on
a sticky-note and pasting it on your terminal is egregious
insecurity.
Guidelines for good passwords on ACMS systems are given in the
documentation for the "gpasswd" command.
See the earlier section for more information.
On systems in which the case of a password is significant, an
all-lowercase or all-uppercase password is less secure than one
with mixed case. A number or other special character like & or *
should be added to further confuse the villain.
Passwords decrease in security with age. It is therefore a good
idea to change your password occasionally. Every three to six
months, or at each quarter-break, is probably often enough,
although you must change it if you have any hint that someone who
should not know it has found out your password. It is also a good
time to change passwords when key employees leave.
Short passwords (4-6 characters) are easy to guess, and simpler to
find by exhaustive searches. Many systems insist that you use longer
passwords. UNIX systems only use the first eight characters of a
password; a longer password is possible but will not add any
additional security.
Examples of bad passwords abound. Here are a few good passwords. Most
are easily remembered, because they are pronounceable or are real
words. Some are misspellings of easily-remembered words. A handy way
to make a difficult-to-guess password is to crush two common words
together to make an uncommon or nonexistent word that you can easily
remember. Hen>>ry, BaD-Dog, dARK)Lite, e3r4W59, Four:3Two, bEer=kEg,
tWi*gamE, Hot|Watr, wAlk>n2u, {Y0urslf, gr8,ds. Make up your own
password; undoubtedly someone will be trying all of these just to see
who they can get.... [end of article]