Changing Passwords
Password Requirements
Recently, we have been forced to tighten security on our login server, namely in
terms of what passwords are considered "secure". We have discovered
that one of the most common misconceptions is that anything followed by a
number or symbol, such as "neutron7" or "Shoot!" is a good password.
This is not the case...
User accounts must now satisfy the following requirements for a valid
password:
- At least one non-numeric character.
- At least 6 characters (spaces are ok).
- No more than three letters in a row.
- No dictionary words, such as "neutrino", or names, such as "joanne".
- No dictionary words followed/preceded by a number or symbol, like
"shadow5!" or "2bigdog"
- No places or events.
- No common abbreviations, such as "mrs", "ucb", "cpu", "bjt", etc.
- Must contain capital letters and/or numbers, but:
  - Do not use your phone number, birthdate, SID, the current year, or
    common number series (e.g. 1234, 711) or your SSN as numbers.
- ***MUST NOT BE BASED ON YOUR NAME OR LOGIN*** (this includes
your initials, or your login backwards)
- Do not use keyboard-related mnemonics (e.g. no "asdf" or "123qwe").
- All of the above rules apply to reversed words as well, i.e. just as
"hello123" is not a good password, neither is "olleh123"
Note that some of these requirements overlap; please follow all of
them. Note that simply replacing one or two letters with "look-alike"
numbers, such as "hell0", "b3rk3l3y", or "m1cr0" is also insecure. We
apologize if these rules tend to allow only difficult-to-remember passwords,
but don't forget, we are much happier to change your password if you forget
a difficult one than we are if the system is broken into due to an easy
one.
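As an added illustration (not part of the original help page, and not the login server's actual checker), the following Python function tests a candidate password against the mechanically checkable rules above, including the reversed-word and "look-alike" cases. The word list, the look-alike mapping and the names check_password, WORDS, SEQUENCES, LEET and EDGE are assumptions made for this example; rules that need personal data (phone number, birthdate, SID, SSN, initials) or a list of places and events are not covered.

```python
import re

# Constructed sample list built from the page's own examples; a real check
# would load a full dictionary plus local names and abbreviations.
WORDS = {"neutrino", "neutron", "joanne", "shadow", "bigdog", "hello",
         "berkeley", "micro", "shoot", "mrs", "ucb", "cpu", "bjt"}
SEQUENCES = ("asdf", "qwe", "1234", "711")    # keyboard runs, number series
LEET = str.maketrans("01345$@7", "oieassat")  # assumed look-alike mapping
EDGE = re.compile(r"^[^a-z]+|[^a-z]+$")       # leading/trailing non-letters


def check_password(pw, login):
    """Return the rules that pw violates; an empty list means none found."""
    low, lg = pw.lower(), login.lower()
    problems = []
    if len(pw) < 6:
        problems.append("shorter than 6 characters")
    if pw.isdigit():
        problems.append("no non-numeric character")
    if re.search(r"[A-Za-z]{4,}", pw):
        problems.append("more than three letters in a row")
    if not re.search(r"[A-Z0-9]", pw):
        problems.append("no capital letter or number")
    if lg and (lg in low or lg[::-1] in low):
        problems.append("based on login")
    if any(seq in low for seq in SEQUENCES):
        problems.append("keyboard or number sequence")
    # Compare the password as typed and with look-alikes undone, each with
    # surrounding digits/symbols stripped, forwards and reversed.
    cores = {EDGE.sub("", s) for s in (low, low.translate(LEET))}
    if any(c in WORDS or c[::-1] in WORDS for c in cores):
        problems.append("dictionary word (decorated, reversed or look-alike)")
    return problems


if __name__ == "__main__":
    for candidate in ("neutron7", "Shoot!", "2bigdog", "olleh123", "b3rk3l3y"):
        print(candidate, "->", check_password(candidate, "john"))
```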
Note also that we periodically run a program to attempt to break user
passwords. This is the same type of program that hackers use frequently.
The idea is, if we can use this program to figure out your password, so can
a hacker. If the program guesses, or "cracks" your password, your account
will be temporarily shut off while we assign you a new one. Save yourself
the trouble and choose a password based on the above guidelines.
The randomly-generated password sticker given to you when you applied for your
account is likely to be more secure than anything you come up with; however, it
is nearly impossible to type or remember. Some suggestions for passwords are given
below; remember, however, that these passwords are insecure because they appear
on this page. Use these passwords to get ideas for your own.
- w@L<Ysu6 "We all live in a yellow submarine."
- C&cu6pwz "Changing and Choosing Unix Passwords"
- @s<tim$9 "A stitch in time saves nine."
Whenever you log in to UNIX, you must type both your login name and your
corresponding password. Your password serves as a security check to
protect your UNIX account from unauthorized users. Only people who know
your password can log in to your account. Therefore, it is probably a good
idea to change your password on a regular basis. Notice that our Windows NT
password database is separate from the UNIX cluster database: you will have to
change your password separately on these two systems. For power users, jump to
password requirements.
Change your password with the "passwd" command described
below. Your new password will take effect immediately on the login server
and within 30 minutes on all unix servers. Please be aware
of the propagation time! The unix servers include:
- kepler.berkeley.edu (1111 Linux cluster server)
- passwd.decf.berkeley.edu (login server)
- all 1111 Linux clients
- 1171 Etcheverry server and clients
- maxwell.berkeley.edu (Your email password)
There are two ways to change your UNIX passwords:
Through a web browser
- Go to WebSSH
- A dialog box will appear asking if you wish to grant permissions to
the applet. Click "grant this session" or "grant always" to proceed.
- Log in to passwd.decf.berkeley.edu. For example:
    passwd.decf.berkeley.edu login: john
    john@passwd.decf.berkeley.edu's password: <type your current password>
- Change your password. Note that your passwords won't be displayed
on the screen:
    john@kepler [2:30pm]> passwd
    Changing password for john.
    Old password: <type your current password>
    New password: <type new password>
    Retype new password: <re-type new password>
    john@kepler [2:30pm]>
- Wait 15 minutes for your passwords to propagate to all our systems.
You can also temporarily reset your password at https://www.decf.berkeley.edu/acct/passwd_form.html using your CalNet ID.
Logging into passwd.decf.berkeley.edu
- Log into passwd.decf.berkeley.edu using SSH (secure shell). DO NOT USE TELNET!
- Change your password. Note that your passwords won't be displayed
on the screen:
    john@kepler [2:30pm]> passwd
    Changing password for john.
    Old password: <type your old password>
    New password: <type new password>
    Retype new password: <re-type new password>
    john@kepler [2:30pm]>
- Wait 15 minutes for your passwords to propagate to all our systems.
To change your password for the Windows 2000 machines, you need to log into one
of the lab 2000 workstations using your old password, and then press CTRL-ALT-DEL.
This will bring up a Windows 2000 Security dialog box. Choose the "Change Password"
option and type in your old and new passwords in the next dialog boxes. This
change takes place immediately and on all the workstations.