?>
As many of you will know, the first line of attack for trying to illegally access a computer is by discovering user account passwords.
Passwords, then, are a key part of the security barrier around any computer. If hackers discover a user password, they can enter the system without notice. This can be hard to detect and take a long time to trace.
This problem is magnified several times if the computers are networked, as in the case of the Facultad de Informática.
This document aims to provide some general tips on what passwords to use in different environments.
You will be asked to sign that you have read and accept the Computer Suite Access Policy and the Account Opening Application. They state:
As users have sufficient mechanisms to make their accounts secure, they shall be held responsible for any undue use of them.
The key word here is RESPONSIBLE. No matter how unfair it may seem, users must accept their responsibility for any irregularities. These regulations are being applied at both national and international research centres. We have not invented them. It is only logical that the Computer Centre cannot take responsibility for the consequences of user negligence, slovenliness or thoughtlessness.
One of the reasons why you should take care is that you will find it hard to prove that you were not the offender if anybody uses your account incorrectly.
A good password should meet the following requirements:
Although it looks tough, it is actually quite easy to devise a good password.
Password guessing programs do not try out all possible combinations. What they do is try out a lot of "possible passwords". If your password is not in the search space, then you have nothing to fear.
But let's take a look at what you should not do:
Good passwords should comply with the following recommendations:
Also, there are methods to help you choose a good password:
Remember that if you use letters only, do not use any of the following methods:
All operating systems place restrictions on what character set you can use for your password:
No matter how good your password is, it still could be discovered. Someone may have seen you key in your password or capture it through sniffers (programs that listen to network traffic). Hackers may have set up a terminal server simulator and be capturing passwords or have installed a resident program on your personal computer that logs keystrokes and stores the password. Passwords are often discovered through "failed logins", as many users make the mistake of keying in the password instead of their user name.
For these and many other reasons, we recommend that you change your password every now and again and at least every three months.
The problem with using the same password for all your accounts is that anyone who discovers the password of one of your account's will have access to them all.
Another thing you should never do is use elementary algorithms to generate passwords, e.g. MhCfg101, MhCfg102, ... This is not the best option, as anybody could easily guess at them.
Also, if anybody enters your account, they could install a false Telnet and capture your passwords when you use it again.
For this reason, we recommend that you use a different password for all your accounts. Also make sure that they are not alike. If for any reason you are unable to use different passwords, be very careful about the one you do use and be sure to change it regularly (at least once a month).