A user's UNIX password is used to gain access to NICS-managed servers and workstations, for dial-up access to the UCO/Lick modem pool, and for access to the vacation webpage.
Changing your password
From any computer on the UCO/Lick network, ssh to password.ucolick.org. You will need to use your current UNIX password to authenticate with this system. Once you successfully log in, you will be presented with a menu of options.
Please select from the following:
Change my UNIX password [u]
View/change my mail password [m]
Quit [q]
Your choice:
If you select u, you will be prompted to re-enter your current UNIX password; after successfully re-authenticating, you will be presented with a second set of options.
You are changing the UNIX password for 'yourusername.'
Please select from the following options:
Pick a password [p]
Generate an alphanumeric password [a]
Generate a really hard password [h]
Quit (don't change passsword) [q]
Your choice:
The first option will allow you to enter a new UNIX password of your choosing; the second and third options will generate two different types of acceptable passwords for you. If at any point you want to exit the password system without setting your password, hit ctrl-c to abort.
Any changes made to your UNIX password will take effect sometime after 2AM the following night.
Password criteria
The password selection program enforces restrictions on your password complexity, all of which must be met in order for the password to be accepted. Those criteria are:
- Between 8 and 72 characters in length
- Contains lowercase, uppercase, and numbers or punctuation (or both) in the first eight characters of the password
- No character is used more than twice in the first eight characters of the password
- No character is repeated consecutively (aa, bb)
- Does not match any dictionary word
- Does not match any of your previous passwords
- Does not contain a sequence of characters (abc, 123)
Password expiration
All UNIX passwords expire not more than one year after they are initially set. You will receive e-mail warnings up to a month prior to the final expiration of your UNIX password.
Help changing your password
If you have forgotten or otherwise do not have your UNIX password, please contact NICS for assistance.
Tips for password selection
A little complexity goes a long way.
If someone is trying to guess your password, you want them to guess from as many different choices as possible. There are two ways to increase the complexity of your password: variety in the characters used in your password (several of the rules above have this goal in mind), and password length. If you look at the numbers, the password complexity is related to the number of characters to choose from, raised to the power of the length of the password. For example, an eight-character all lower-case password has 268 different permutations-- some 200 billion possible choices. A reasonably fast computer can exhaustively check all of these passwords in a week. What if instead of all lower-case, you do lower-case and upper case? With that modest modification, there are now 528 possibilities-- some 50 trillion different passwords. That puts us in the neighborhood of 13 years to exhaustively check. Further improvements are gained if you toss in a number or some punctuation, or use a longer password when possible.
Construct your password from a memorable phrase.
Choose a phrase from a favorite song, or a memorable quote. Take a letter or two from each word, introduce some punctuation, maybe a number or two, and presto! Instant password. For example, if I take the phrase "Construct your password," I might come up with:C0nYRpwd. While there's no punctuation in that example, the end-result is sufficiently random to defeat most brute-force password cracking programs.
Use a system to remember passwords across multiple sites.
You have logins on six or seven different machines, and you want to do the right thing and not use the same password on each system. One simple and effective answer is to have a system of passwords that you can memorably relate to each system. Maybe the passwords are long enough that you can incorporate the name of the system into your password somehow? For example, you have the password grb$n0ut, which you want to use on the hosts larry, curly, and moe. These systems allow password lengths up to 72 characters, so you decide to go with: grb$nlarry0ut, grb$ncurly0ut, and grb$nmoe0ut. Your original password was "garbage in, garbage out," but you inserted the host names such that the passwords are now "garbage in, hostname out." If you have no problems remembering the original password, you'll be able to remember the entire scheme.
Try typing your new password before you select it. You may have to type this password frequently over its lifetime. If it is going to be prohibitively difficult for you to type, you want to discover this before setting it, rather than afterwards. One helpful way to add complexity to a password and keep it simple to type is to batch together your use of the shift key for capitals or punctuation-- if you are going to have three characters that require you to hit shift to type them, typing your password is generally easier if those three characters are all in a row.