Choosing a Good Password
Your password is what tells the computer that you are who you say you are. Until we can do retina scans like in James Bond movies, the password is the best that we can do. But, because your password is like a key to your account, you need to safeguard it. Anyone who has your password can get into your account, and your files. Anyone who can guess your password has it. Anyone who has your password can pose as you. Therefore, you may be held responsible for someone else's actions, if they are able to get your password. You may not wish this to happen. Tips on safeguarding your password
* First and foremost, NEVER give your password to anyone. ``Anyone'' means your coworkers, your spouse, your systems administrator. In the event of an emergency, the sysadmin can change your password. Your sytems administrator never has a need to know your personal password. If someone needs to get onto our machines, and has a reason to be here, do not give them access to your account. Speak to the systems staff about us setting up an account for them. We would be very happy to give them one. * Make your password something you can remember. Do not write it down. If you really, honestly forget your password, we can easily give you a new one. We'd rather set your password once a month because you forgot it than have someone find it written down and gain unauthorized access to your account. * Make your password difficult for others to guess. This is not as hard as it initially seems. See the section below on chosing a good password. * DO NOT Change your password because of mail from someone claiming to be your systems administrator, supposedly needing access to your files!! This is a popular scam in some circles. Remember, your systems administrator never needs your password for any reason. If someone needs to ask you to change your password so that they can gain entry to your account, they do not have reason to be there. We run sophisticated password crackers on the password files of our machines. If we guess your password, you will have to come see a staffer to have it changed. These are the same crackers that the bad guys have access to, so if you have a weak password, it's better if we find out about it first. How Not to Choose a Password
Here are some of the types of passwords that will be picked up by our crackers: * Words in the dictionary.
* Words in any dictionary.
* Your user name.
* Your real name.
* Your spouse's name.
* Anyone's name (crackers don't necessarily know that your aunt's middle name is Agnes, but it's easy enough to get a list of 100,000 names and try each one). * Any word in any ``cracking dictionary.'' There are lists of words that crackers use to try to crack passwords: passwords that a lot of people use. Some of these lists include: Abbreviations, Asteroids, Biology, Cartoons, Character Patterns, Machine names, famous names, female names, Bible, male names, Movies, Myths-legends, Number Patterns, Short Phrases, Places, Science Fiction, Shakespeare, Songs, Sports, Surnames * Any of the above, with a single character before or after it (``8dinner'', ``happy1''). * Any of the above, capitalized (``cat'' --> ``Cat'') * Any of the above, reversed (``cat'' --> ``tac''), doubled (``cat'' --> ``catcat'') or mirrored (``cat'' --> ``cattac''). * We used to tell people that taking a word and substituting some characters (a 0 (zero) for an o, or a 1 for an l) made a good password. This is no longer the case. New crackers have the capability to crack things like this, in certain situations. *...