Introduction to passwords on the Department of Biological Sciences Computer systems


Why do we need passwords

Access to all the Department's computer accounts is controlled by a password. It is very important that every account has a good password. A bad password makes it easy for a hacker to break into your account. Once a hacker has gained access to your account they could do any of the following.

  1. Corrupt or delete your files.
  2. Use the account to attack other systems or pirate software. You may then have to convince the police and college of your innocence.
  3. Attack other department systems. Once a knowledgeable hacker has access to an account it may only take them a short time to get system privileges. When one of the networked systems has been hacked the rest of the network could be at risk. An attack on the department network could result in a substantial disruption to all the computing activity and people being unable to work for some time.

All passwords are stored in an encrypted form in the system password file. When the UNIX encryption was first developed, the computing resources required to crack the password file were not available. It now takes about a day for a 486 PC to find most of the bad passwords on the list below. For this reason it is vital that you choose good passwords to protect both your work and that of your colleagues.

Which systems have passwords

A password is needed to access any of the following computer resources.

  1. Central UNIX clusters
  2. PC cluster network drives and printers from Windows and Linux. The PC cluster uses the same password file as the UNIX systems.
  3. Windows systems
  4. Graphics workstations.
  5. Computers dedicated to experiments or research projects.

Changing passwords

Passwords are like toothbrushes: you should change them regularly.

Changing UNIX/Linux cluster, Email and Microsoft Windows passwords

Use the web form to change your UNIX/Linux, Email and Microsoft Windows cluster passwords.

  • This web form is only accessible from computers on the Birkbeck College or UCL networks.
  • This will not change your password on the College ITS systems.

Changing UNIX/Linux cluster and Email passwords only

To change only your UNIX/Linux and email password, log in to one of the UNIX systems, e.g. ssh.cryst.bbk.ac.uk, and use the command yppasswd.

  • Remember: the yppasswd command will not change your Microsoft Windows password.
  • There may be a few minutes' delay before the new password can be used.
  • This will not change your password on the College ITS systems.
  • If you change your password with yppasswd then you can still use the web form, with this new password, to change all your passwords again.

A UNIX password contains up to 8 alphanumeric characters. Symbols are also permitted. Uppercase and lowercase characters are differentiated. If you enter more than eight characters for a password then only the first eight are used.

When you change your password, please don't choose a new password which is similar to your old password. If anyone knew the old password they may then be able to guess the new password.

Hints for choosing a good password

  1. Take two short words and combine them with a number or punctuation character.
  2. Choose a line from a song or poem and use the first letter of each word, e.g. "o rose thou art sick. the invisible worm that flies in the night in the howling storm" (William Blake) would give the password ortastiw
  3. Use an acronym that's special to you, e.g. "roses are red violets are blue, i live up stairs and so do you" would give the password rarvabilusasdy
  4. Alternate between one consonant and one or two vowels, up to seven or eight characters. This produces nonsense words which are usually pronounceable, and thus easily remembered.

Bad passwords

  1. Don't use a password which you think anyone could guess.
  2. Don't use your login id or any string derived from it, e.g. if your id is ubcgxyz, don't use passwords like zyxgcbu, zyxubcg, xyzxyz or ubcgzxy1
  3. Don't use any other login id as a password.
  4. Don't use names of any form as a password.
  5. Don't use any of your names / nicknames as a password.
  6. Don't use any names of friends, colleagues, partners, pets, children etc.
  7. Don't use names of fictional characters, e.g. gandalf
  8. Don't use the names of computers or operating systems.
  9. Don't use the address / serial numbers of computers.
  10. Don't use your or the department's phone number.
  11. Don't use your or the department's postal code.
  12. Don't use anyone's birthday.
  13. Don't use any information which is easily obtained about you or the department/college.
  14. Don't use any word in the English dictionary.
  15. Don't use any word in a foreign dictionary.
  16. Don't use obscenities, English or foreign.
  17. Don't use a place name.
  18. Don't use a proper noun.
  19. Don't use passwords of all the same letter, e.g. zzzzz aaa
  20. Don't use a simple pattern on the keyboard, e.g. asdfg
  21. Don't use any of the example passwords used in this document.
  22. Don't use any of the above spelled backwards.
  23. Don't use any of the above followed or preceded by a single digit.

Good passwords

Good passwords are difficult to guess but easy to remember.

  1. Seven or eight characters long. VMS systems allow much longer passwords.
  2. On UNIX systems use a mixture of uppercase and lowercase letters. VMS does not distinguish between uppercase and lowercase letters.
  3. You should be able to type a password quickly so someone cannot learn your password by watching your fingers on the keyboard (called shoulder surfing).
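
Several of the rules in the bad and good password lists, together with the eight-character limit described under Changing passwords, can be checked mechanically when a password is chosen. The Python below is an added example, not part of this document or of the department's systems: the names check_password, variants and SAMPLE_WORDS are hypothetical, the word list is a small constructed stand-in for real dictionary and name lists, and the login id test is a heuristic assumption.

```python
# Added example: screen a candidate password against this page's rules.
# SAMPLE_WORDS is a constructed stand-in for real dictionary and name lists.
SAMPLE_WORDS = {"gandalf", "password", "london", "ortastiw", "rarvabilusasdy"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MAX_LEN = 8  # only the first eight characters are used


def variants(pw):
    """pw with one leading or trailing digit removed, plus each reversed."""
    forms = {pw}
    if len(pw) > 1 and pw[0].isdigit():
        forms.add(pw[1:])
    if len(pw) > 1 and pw[-1].isdigit():
        forms.add(pw[:-1])
    return forms | {f[::-1] for f in forms}


def check_password(password, login_id, words=SAMPLE_WORDS):
    """Return the list of rules the password breaks (empty means it passes)."""
    used = password[:MAX_LEN]          # characters past the eighth are ignored
    forms = variants(used.lower())
    # Long words are truncated too, so compare against their first eight letters.
    short_words = {w.lower()[:MAX_LEN] for w in words}
    login = login_id.lower()
    reasons = []
    if len(used) < 7:
        reasons.append("shorter than seven characters")
    if len(set(used.lower())) == 1:
        reasons.append("all the same letter")
    # Heuristic (assumption): built only from the login id's characters.
    if any(f and set(f) <= set(login) for f in forms):
        reasons.append("derived from login id")
    if forms & short_words:
        reasons.append("dictionary word or name")
    if any(len(f) >= 3 and f in row for f in forms for row in KEYBOARD_ROWS):
        reasons.append("keyboard pattern")
    if used.islower() or used.isupper() or not any(c.isalpha() for c in used):
        reasons.append("no mixture of uppercase and lowercase")
    return reasons
```

Because the check is run on the first eight characters only, a long password that begins with a name and a digit is rejected no matter what follows.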

Don't write down your password. But if you must

Like bank card PIN numbers, passwords should not be written down. However, if you do write one down, these precautions could help prevent anyone from finding your password (or PIN number).

  1. Don't attach the password to the computer, terminal etc.
  2. Don't leave the written password anywhere people could easily find it.
  3. Don't identify the password as a password, e.g. don't write "iona password = 12x9d6b8"
  4. Don't include the name or address of the computer on the same piece of paper.
  5. Mix in some other characters or scramble the written version of the password in a way that is easy for you to remember but makes it hard for any


$Revision: 1.9 $ $Date: 2016/04/20 22:16:34 $