
Passwords Policy

This is a policy page which contains instructions which you should follow according to common sense. The accuracy of the following information is guaranteed and this page has been locked from public editing. If this page contains errors, please file a ticket.

1.  Introduction

Your user-name and Password grant access via remote control as well as physical terminals. Therefore, if your credential security is compromised, unauthorized access to your account, with its files and personal information, may occur. Although this is unlikely, it would be a serious security breach.

2.  Strong Passwords

Nobody should use simple passwords, such as single dictionary words or simple patterns of letters or numbers like aabbcc or 54321. Only strong Passwords should be used. Strong passwords are necessary to protect against "brute-force" attacks, which use automated techniques to try every mathematically possible sequence of characters, and dictionary attacks, which automatically try every word in the dictionary.

A strong Password has some combination of upper- and lower-case letters, numbers and/or typographical symbols; the more of each of these a password has, the stronger it is. No password should ever be a dictionary word like "catfish", a popular saying or phrase like "youngandtherestless", or a trivial variation on a dictionary word like "stapler21".

The strongest Passwords are more than eight characters long, contain a mix of numbers, letters and symbols, and are not based on dictionary words. You should use the strongest Password you can remember.

If you base your Password on language utterances, you should use more than one word and avoid words that are related. For example, the password robust1hamburger2observations3 seems very simple but...

  1. It has a very large length (30 characters).
  2. It has both letters and numbers.
  3. It is not a dictionary word (multiple unrelated dictionary words strung together in this way are not going to be in dictionary attacks).

It would actually take about 6,000,000,000,000,000,000,000,000,000,000 years using a high-end desktop computer to break that password with brute-force techniques, so this password is very strong. (But please don't use this exact password; any password used as an example is inherently vulnerable because it is a known value.)

You should also avoid basing your Password on anything associated with you such as your name, or the names of friends, pets and relatives, bank account, phone or other readily guessed numbers or places of work etc.

  • If you would like to check your password's strength, Microsoft has set up a secure password strength-checker (this site is encrypted and safe).
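
The rules in this section can be expressed as an automated check. The following is an added example, not this site's own enforcement code: the word and phrase lists are small constructed samples, the requirement of at least two character classes is an assumed reading of "a mix", and the guess rate passed to brute_force_years is chosen by the caller.

```python
import re
import string

# Constructed sample lists; a real deployment would load full wordlists.
DICTIONARY = {"catfish", "stapler", "robust", "hamburger", "observations"}
PHRASES = {"youngandtherestless"}

def is_simple_pattern(pw):
    """True for runs like 54321, abcdef, aaaa, or doubled runs like aabbcc."""
    collapsed = [c for i, c in enumerate(pw) if i == 0 or c != pw[i - 1]]
    steps = {ord(b) - ord(a) for a, b in zip(collapsed, collapsed[1:])}
    return len(collapsed) == 1 or steps in ({1}, {-1})

def alphabet_size(pw):
    """Size of the character set a brute-force search must cover."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    return sum(n for chars, n in classes if any(c in chars for c in pw))

def search_space(pw):
    """Number of candidates of this length over this alphabet."""
    return alphabet_size(pw) ** len(pw)

def brute_force_years(pw, guesses_per_second):
    # guesses_per_second is an assumption supplied by the caller.
    return search_space(pw) / guesses_per_second / (365.25 * 24 * 3600)

def check_password(pw):
    """Return the section 2 rules the password breaks (empty list = pass)."""
    problems = []
    if len(pw) <= 8:
        problems.append("not more than eight characters")
    # Assumed threshold: at least two of letters, numbers, symbols.
    if sum(any(c in cls for c in pw) for cls in
           (string.ascii_letters, string.digits, string.punctuation)) < 2:
        problems.append("no mix of letters, numbers and symbols")
    if is_simple_pattern(pw):
        problems.append("simple pattern")
    # Strip digits and symbols so "stapler21" is seen as "stapler".
    words = [w for w in re.split(r"[^a-z]+", pw.lower()) if w]
    if len(words) == 1 and words[0] in DICTIONARY:
        problems.append("dictionary word or trivial variation")
    if "".join(words) in PHRASES:
        problems.append("popular phrase")
    return problems
```

Several unrelated words strung together pass the dictionary rule because no single wordlist entry matches, which is the point made about the 30-character example above.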

3.  Password Security

You should never give your Password to anyone.

Do not let anyone watch you enter your Password and do not enter your Password if you are unsure of the security of the terminal.

You should use a different password for each site, account and service. Whenever you change any password you should not use a password that you have already used.

You may write passwords down, but the document must not be stored near any computer terminal. Administration has prepared a form for this, available from the Online Helpdesk. It is better to avoid writing passwords down, but not if this causes you to reuse passwords or to use weak ones.

4.  Password Expiration and Invalidation

Should your password expire or be administratively invalidated, you will be forced to reset it before you can log in. In this situation the system will automatically prompt you to enter a new password if you attempt to log in with your old one. If you try to evade the prompt, the system will conclude it is under attack and lock down your account, something requiring administrative intervention to fix.

A password expires periodically for security reasons. This is an automatic function of the system. Your password could also be administratively invalidated as part of the process of recovering from a forgotten password. Your password may also expire or be rejected by the system if it is not in compliance with this policy.

5.  Administrative Authority

Administration has broad technical power and authority to enforce this policy. Administration may configure the UNIX system to reject weak passwords, run simulated attacks, invalidate passwords, change the expiration tenure of passwords or block features.

Administration assumes good faith on the part of its users (in this and other matters), but that does not mean that precautions are not being taken.

Categories: Policy, Security


Text last modified on June 07, 2011, at 05:12 AM