Page tree
Skip to end of metadata
Go to start of metadata


NICS currently maintains two separate authentication systems: our legacy 'Unix' password system, and our newer 'Windows' password system.

We will eventually phase out the old Unix password system, though that process will take some time, as much of our older infrastructure is highly integrated with it. What this means for you, the user, is that you will have to update your password in two location each year. We recommend updating your 'Unix' password first, as it has much pickier requirements. Once you've completed that, then upgrade your 'Windows' password, which we recommend that you set to be the same thing, so as to avoid future confusion.

Updating my Unix Password

From any computer on the UCO network, SSH to password.ucolick.org. You will need to use your current UNIX password to authenticate with this system.

Apple users

For people using an Apple Mac computer, you will need to launch a terminal. This can be accomplished by either:

  • Going to the Launchpad, clicking on the 'Other' folder item, and selecting 'Terminal'
  • Clicking on the Spyglass icon in top-right corner of your screen near the clock, typing in the word 'Terminal' and selecting the item in the list
  • Opening Finder, from the menu bar at the top of the screen, selecting 'Go' and then 'Applications', scrolling down to the 'Utilities' folder, and double-clicking 'Terminal'

With Terminal open, you can then type in:

ssh <yourusername>@password.ucolick.org

If you are connecting from off the UCO network (either on-campus or from home or elsewhere) you will need to first connect to our jump host:

ssh <yourusername>@ssh.ucolick.org

Once connected through our jump host, you should then proceed to SSH the password system.

Windows users

You will need to launch the 'Putty' application in order to connect. If Putty is not installed, you can download it from here. This is the Putty program itself, and not an installer. Once it is downloaded, launch it directly.

With Putty open, in the Host Name field, type in password.ucolick.org and click 'Open.' If you are connecting from off the UCO network (on-campus or from home or elsewhere) you will need to first connect to our jump host. In the Host Name box, type in ssh.ucolick.org and click 'Open'.

In both cases, you will be prompted for your UCO Username, and current password. In the case of connecting through the jump host, after you are logged in, you will need to type

ssh <yourusername>@password.ucolick.org

to proceed. This will connect you to the password server.

Linux/Unix users

Launch a terminal. There's many different ways to do this, use what works best for your situation.

With your terminal open, you can then type in:

ssh <yourusername>@password.ucolick.org

If you are connecting from off the UCO network (either on-campus or from home or elsewhere) you will need to first connect to our jump host:

ssh <yourusername>@ssh.ucolick.org

Once connected through our jump host, you should then proceed to SSH the password system.

Once you are connected

Once you successfully log in, you will be presented with a menu of options.

Please select from the following:

        Change my UNIX password         [u]
        View/change my mail password    [m]

        Quit                            [q]

Your choice:

If you select u, you will be prompted to re-enter your current UNIX password; after successfully re-authenticating, you will be presented with a second set of options.

You are changing the UNIX password for 'yourusername.'
Please select from the following options:

        Pick a password                         [p]
        Generate an alphanumeric password       [a]
        Generate a really hard password         [h]

        Quit (don't change passsword)           [q]

Your choice:

The first option will allow you to enter a new UNIX password of your choosing; the second and third options will generate two different types of acceptable passwords for you. If at any point you want to exit the password system without setting your password, hit ctrl-c to abort.

Any changes made to your UNIX password will take effect sometime after 2AM the following night.


Updating my Windows Password

Note - These instructions only applies to users who have a computer bound to the Windows domain. If you are unsure if this is the case for your computer, please contact NICS to request assistance.

Apple users

#todo

Windows users

From a Windows computer you are logged in to, updating your Windows password is incredibly easy. Simply press `Control + Alt + Delete`, and you will be shown a secure management screen similar to this:

Simply click 'Change password' and follow the on-screen instructions.

Please note - your password change takes effect immediately.

Linux users

From your computer, open a terminal and run the command

smbpasswd -U <yourusername> -r win.ucolick.org

and press enter. Follow the on screen prompts.

Please note - your password change takes effect immediately.


Additional Information

Password criteria

The password selection program enforces restrictions on your password complexity, all of which must be met in order for the password to be accepted. Those criteria are:

  • Between 8 and 72 characters in length
  • Contains lowercase, uppercase, and numbers or punctuation (or both) in the first eight characters of the password
  • No character is used more than twice in the first eight characters of the password
  • No character is repeated consecutively (aa, bb)
  • Does not match any dictionary word
  • Does not match any of your previous passwords
  • Does not contain a sequence of characters (abc, 123)

Password expiration

All UNIX passwords expire not more than one year after they are initially set. You will receive e-mail warnings up to a month prior to the final expiration of your UNIX password.

Help changing your password

If you have forgotten or otherwise do not have your UNIX password, please contact nics@ucolick.org for assistance.

Tips for password selection

  • A little complexity goes a long way.
    If someone is trying to guess your password, you want them to guess from as many different choices as possible. There are two ways to increase the complexity of your password: variety in the characters used in your password (several of the rules above have this goal in mind), and password length. If you look at the numbers, the password complexity is related to the number of characters to choose from, raised to the power of the length of the password. For example, an eight-character all lower-case password has 26^8^ different permutations-- some 200 billion possible choices. A reasonably fast computer can exhaustively check all of these passwords in a week. What if instead of all lower-case, you do lower-case and upper case? With that modest modification, there are now 52^8^ possibilities-- some 50 trillion different passwords. That puts us in the neighborhood of 13 years to exhaustively check. Further improvements are gained if you toss in a number or some punctuation, or use a longer password when possible.
  • Construct your password from a memorable phrase.
    Choose a phrase from a favorite song, or a memorable quote. Take a letter or two from each word, introduce some punctuation, maybe a number or two, and presto! Instant password. For example, if I take the phrase "Construct your password," I might come up with: C0nYRpwd. While there's no punctuation in that example, the end-result is sufficiently random to defeat most brute-force password cracking programs.
  • Use a system to remember passwords across multiple sites.

    You have logins on six or seven different machines, and you want to do the right thing and not use the same password on each system. One simple and effective answer is to have a system of passwords that you can memorably relate to each system. Maybe the passwords are long enough that you can incorporate the name of the system into your password somehow? For example, you have the password grb$n0ut, which you want to use on the hosts larrycurly, and moe. These systems allow password lengths up to 72 characters, so you decide to go with: grb$nlarry0utgrb$ncurly0ut, and grb$nmoe0ut. Your original password was "garbage in, garbage out," but you inserted the host names such that the passwords are now "garbage in, hostname out." If you have no problems remembering the original password, you'll be able to remember the entire scheme.
  • Try typing your new password before you select it.

    You may have to type this password frequently over its lifetime. If it is going to be prohibitively difficult for you to type, you want to discover this before setting it, rather than afterwards. One helpful way to add complexity to a password and keep it simple to type is to batch together your use of the shift key for capitals or punctuation-- if you are going to have three characters that require you to hit shift to type them, typing your password is generally easier if those three characters are all in a row.
  • No labels