Password recommendations at NIKHEF
Most of these recommendations are copied from the CERN guidelines.
How to change NIKHEF passwords
- To change a UNIX password, use yppasswd on login.nikhef.nl.
  Note: This is the same password you need to read e-mail from the servers imap.nikhef.nl and pop.nikhef.nl.
- To change a Windows password: use the login screen. Sometimes the sys admin will force you to change your password at the Windows login.
- To change your AFS password: use klogin on login.nikhef.nl
We recommend that you change your passwords whenever you return from a trip that could have exposed them and at least once per year.
How to choose good passwords
A good password is:
- private: it is used and known by one person only
- secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal
- easily remembered: so there is no need to write it down
- at least 8 characters
- a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuation
- not guessable by any program in a reasonable time, for instance less than one week.
Here are some hints to help you choose good passwords:
- Choose a line or two from a song or poem, and use the first letter of each word. For example, `In Xanadu did Kubla Khan a stately pleasure dome decree' becomes `IXdKKaspdd'.
- Alternate between one consonant and one or two vowels with mixed upper/lower case. This provides nonsense words that are usually pronounceable, and thus easily remembered. For example: `roUtboo' or `quADpop'.
- Choose two short words (or a big one that you split) and concatenate them together with one or more punctuation characters between them. For example: `dog+F18' or `comP!!UTer'.
Attackers and programs that can try to break into your account know a large number of "frequently used" passwords. Here are some guidelines to avoid guessable passwords:
- don't use your login name in any form (as-is, reversed, capitalised, doubled, with a prefix, with a suffix...).
- don't use in any form your first or last name and, more generally, any information easily obtained about you. This includes car license plate numbers, telephone numbers, insurance numbers, the brand of your car, the name of the street you live on, the name of your spouse or of your children...
- don't use a word contained in any dictionary of any language, spelling lists, or other lists of words (acronyms, sequences of letters like 'abcdef' or 'qwerty', place names, car names, cartoon heroes...).
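The criteria and guidelines above can be checked mechanically at the moment a new password is set. The following is an added example, not part of the original NIKHEF or CERN text; the function names and the small word list are constructed for illustration, and a real check would load full dictionaries.

```python
import string

# Constructed sample word list; a real deployment would load large dictionaries.
SAMPLE_WORDS = {"password", "dog", "computer", "qwerty", "abcdef", "xanadu"}

def char_classes(pw):
    """Count how many of the four character classes the password uses."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in pw) for t in tests)

def login_variants(login):
    """Login name as-is and reversed; very short names are skipped
    because they would match almost any password by accident."""
    low = login.lower()
    return {low, low[::-1]} if len(low) >= 3 else set()

def check_password(pw, login, personal=(), words=SAMPLE_WORDS):
    """Return the list of guideline violations (empty list = acceptable)."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if char_classes(pw) < 3:
        problems.append("fewer than 3 character classes")
    # Case-insensitive substring match also covers the capitalised,
    # doubled, prefixed and suffixed forms of the login name.
    if any(v in low for v in login_variants(login)):
        problems.append("contains login name")
    # 'personal' holds names, phone numbers, plates, etc. known about the user.
    if any(p.lower() in low for p in personal if len(p) >= 3):
        problems.append("contains personal information")
    # Strip digits/punctuation from both ends so 'Password1!' still matches.
    core = low.strip(string.digits + string.punctuation)
    if core in words or core[::-1] in words:
        problems.append("dictionary word or known sequence")
    return problems

if __name__ == "__main__":
    for candidate in ("comP!!UTer", "Password1!", "eoJ#2024x"):
        print(candidate, "->", check_password(candidate, "joe") or "ok")
```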
Why you must change passwords
Even if you choose a good password, it can still be discovered: someone may see you typing it or capture it by snooping on the computer or network. If you accidentally type your password in place of your login name, it may appear in system log files:
joe ttyp9 Wed Apr 28 09:37
XSecret! pty/ttys0 Fri Feb 26 15:15 - 15:16 (00:00)
fred pty/ttys0 Fri Feb 26 15:16 - 14:27 (87+22:11)
Why you need good passwords
The password is the most vital part of account security. If an attacker can discover your password, he/she can use your account to attack systems in or outside NIKHEF, as well as read, modify or delete all your files.
Remember!
A password is like underwear - keep it hidden
A password is like underwear - change it often
A password is like underwear - don't share it with friends