IT Security Support
Passwords
On this page:
Overview
Password Confidentiality
Kerberos Password Policy
Do Choose...
Do Not Choose...
Changing Your Kerberos Password
Overview
Passwords are an important part of computer security and are the keys to many things: your bank account, your computer, your email, a server on a network. Your password helps to prove you are who you say you are, and ensures your privacy.
Stolen passwords are the means by which most unauthorized (and unscrupulous) people gain access to a system. Someone logging on under your name has access not only to your computer files, but to most of the facilities of the computer system. Tampering can have far-reaching and serious consequences, including the exposure of financial, medical and other personal information.
It is recommended to change your password at regular intervals, depending on what the password provides access to. Password strength and protection should be commensurate with risk.
YOU are assumed to be responsible for anything done using your password and for taking the appropriate steps, as outlined below, to select and secure your passwords.
Password Confidentiality
Never tell anyone your password -- not even your system administrator, account manager, your friends, or even people from Athena or IS&T -- and don't write it down. Make sure you have chosen a password that you can remember.
In the rare occasion that you may need to share your password with a trusted colleague for the purpose of conducting business, you are strongly encouraged to change your password once the need for sharing has passed.
Don't talk about a password in front of others or hint at the format of the password (e.g., "my family name"). If someone demands a password, or needs access to shared files, refer them to the Service Desk.
If an account or password is suspected to be compromised, report the incident to the Security Support team.
Always log out of a system that requires a password when done using the system or stepping away from the computer, especially in a public area.
Kerberos Password Policy
- The password must be at least 6 characters long.
- It must contain at least 2 character classes. The character classes are capital letters, lowercase letters, numbers, symbols, and punctuation marks.
- It must not be one of the three previous passwords you have used.
- It must not be a commonly used dictionary word. A pass-phrase (more than one dictionary word strung together) is a good form of strong password, as long as it cannot be easily guessed.
Do Choose...
- Something easy for you to remember with at least six characters. Six characters is the policy minimum, not a target: there is no limit to length, and the longer the password, the stronger it becomes.
- Something obscure; a deliberately misspelled term or an odd character in an otherwise familiar term, such as phnybon instead of funnybone. Or use a combination of two or more unrelated words.
- A mix of alphabetical, numeric and symbolic characters.
- A mixture of upper- and lowercase; passwords are case sensitive.
- A phrase like "many colors" using only the consonants, e.g., mnYc0l0rz or a misspelled phrase, e.g., 2HotPeetzas or ItzAGurl.
- An acronym for your favorite saying, or a song you like e.g., GykoR-66 (Get your kicks on Route 66) or L!isn! (Live! It's Saturday Night!).
- An easily pronounced nonsense word, e.g., slaRooBey or krang-its.
- Two or more words separated by a non-alphabetic, non-numeric, or punctuation character, e.g., mac2%beav or cat,bear#
Do Not Choose...
- Your name in any form -- first, middle, last, maiden, spelled backwards, nickname or initials.
- Your userid, or your userid spelled backwards.
- Part of your userid or name.
- Any common name, e.g., Linda, Joe.
- Passwords of fewer than six characters.
- A previously used password or a password used for more than one account.
- A password similar to your last password.
- The name of a close relative, friend, or pet.
- Your phone or office number, address, birthday, or anniversary.
- Well-known acronyms, geographical or product names, and technical terms.
- Any all-numeral passwords, e.g., your license-plate number, social-security number.
- Names from popular culture, e.g., spock, sleepy.
- Words that are either preceded or followed by a digit, a punctuation mark, up arrow, or space.
- Words or phrases with all the vowels or whitespaces deleted.
- Any word that exactly matches a word in a dictionary, either forward, reversed, or pluralized -- or with some or all of the letters capitalized.
- Words or phrases that do not mix upper and lower case, or do not mix letters or numbers, or do not mix letters and punctuation.
- Words that match a dictionary word with any of the following translations:
a -> 2, a -> 4, e -> 3, h -> 4, i -> 1, l -> 1, o -> 0, s -> $, s -> 5, z -> 5
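The rules above are exactly what a password-acceptance filter has to implement: the Kerberos policy (length, character classes, password history, dictionary words) plus the "Do Not Choose" checks (personal data, all-numeral strings, dictionary words that are reversed, pluralised, bracketed by a digit or punctuation mark, stripped of vowels, or disguised with the digit-for-letter translations listed). The checker below is an added example written for this page, not IS&T's or MIT Kerberos's own code. The word list and the personal strings it tests against are constructed for the demo; a real deployment would load a cracking wordlist and the user's directory entry. Two points are assumptions rather than the page's definitions: symbols and punctuation are merged into one character class, and "similar to your last password" is taken to mean equal after case-folding and dropping leading and trailing digits and punctuation.

```python
"""Password filter for the Kerberos policy and the "Do Not Choose" list.

Added example, not IS&T software. DICTIONARY is a constructed stand-in for
a real wordlist such as /usr/share/dict/words.
"""
import itertools
import string

DICTIONARY = {"password", "funnybone", "spock", "sleepy", "linda", "joe",
              "pizza", "hot", "cat", "bear", "colors", "many", "route", "secret"}

VOWELS = set("aeiou")

# The page's translations, inverted: a digit or symbol in a password may
# stand for one of these letters (1 may be i or l, 5 may be s or z).
LEET_REVERSE = {"2": "a", "4": "ah", "3": "e", "1": "il", "0": "o", "$": "s", "5": "sz"}

# Characters the page says must not simply bracket a dictionary word.
EDGE = string.digits + string.punctuation + " "


def strip_vowels(word):
    return "".join(c for c in word if c not in VOWELS)


# Consonant skeletons, so "psswrd" is recognised as "password" minus its vowels.
SKELETONS = {strip_vowels(w) for w in DICTIONARY}


def character_classes(pw):
    """Classes present: upper, lower, digit, other.
    Assumption: symbols and punctuation are merged into 'other'."""
    classes = set()
    for c in pw:
        if c.isupper():
            classes.add("upper")
        elif c.islower():
            classes.add("lower")
        elif c.isdigit():
            classes.add("digit")
        else:
            classes.add("other")
    return classes


def edge_trimmed(text):
    """Yield text with up to one leading and one trailing EDGE character removed."""
    yield text
    if text and text[0] in EDGE:
        yield text[1:]
    if text and text[-1] in EDGE:
        yield text[:-1]
    if len(text) > 1 and text[0] in EDGE and text[-1] in EDGE:
        yield text[1:-1]


def leet_expansions(text):
    """Yield every way of undoing the translations, the text itself included."""
    if sum(c in LEET_REVERSE for c in text) > 10:  # bound the combinatorics
        yield text
        return
    options = [c + LEET_REVERSE.get(c, "") for c in text]
    for combo in itertools.product(*options):
        yield "".join(combo)


def dictionary_hit(plain):
    """plain is lowercase with translations undone. A dictionary word used
    forward, reversed, pluralised, or with its vowels deleted all count."""
    forms = {plain, plain[::-1]}
    for form in (plain, plain[::-1]):
        if form.endswith("es"):
            forms.add(form[:-2])
        if form.endswith("s"):
            forms.add(form[:-1])
    if forms & DICTIONARY:
        return True
    return not (set(plain) & VOWELS) and plain in SKELETONS


def similar_to(pw, previous):
    """Assumed meaning of 'similar': equal once case and edge characters are ignored."""
    def core(s):
        return s.lower().strip(EDGE)
    return bool(previous) and core(pw) == core(previous)


def check_password(pw, history=(), personal=()):
    """Return the rules pw breaks; an empty list means it passes.
    history: previous passwords, most recent first.
    personal: userid, names, phone numbers and similar strings to reject."""
    problems = []
    if len(pw) < 6:
        problems.append("fewer than 6 characters")
    if len(character_classes(pw)) < 2:
        problems.append("fewer than 2 character classes")
    if pw in history[:3]:
        problems.append("reuses one of the three previous passwords")
    elif history and similar_to(pw, history[0]):
        problems.append("too similar to the last password")
    if pw.isdigit():
        problems.append("all numerals")
    low = pw.lower()
    for item in personal:
        item = item.lower()
        if len(item) >= 3 and (item in low or item[::-1] in low):
            problems.append(f"contains personal data {item!r}")
    if any(dictionary_hit(p) for base in edge_trimmed(low) for p in leet_expansions(base)):
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ["$p0ck", "Password1", "drowssap", "psswrd!", "mac2%beav", "mnYc0l0rz"]:
        print(candidate, check_password(candidate, personal=("jsmith",)) or "OK")
```

The filter reverses the attacker's transformations rather than enumerating them: it undoes the digit-for-letter translations, strips one bracketing digit or punctuation mark, and then compares forward, reversed, pluralised and vowel-stripped forms against the wordlist. The "Do Choose" examples on this page (mac2%beav, mnYc0l0rz, 2HotPeetzas) pass, while $p0ck, Password1 and drowssap are rejected as the disguised dictionary words they are.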
Changing Your Kerberos Password
Remember: Change your Kerberos password at regular intervals.
How to change your password on:
- The Internet using certificates
- Athena
- Linux
- Macintosh OS X:
- Finder > Applications folder > Utilities folder.
- Open the Kerberos application.
- Authenticate by clicking New.
- Click Password.
- Enter your old password once, then your new password twice.
- Windows XP:
- Start>Programs>Kerberos Utilities>Leash32.
- From the Action menu, choose Change Password.