UHH>Informatik>NatS>Support Web>NatsFAQs>SecurityFAQ>CreatingNewPassword (17 Oct 2012, UnknownUser) Print version

FAQ:

How do I change my password? What kind of passwords should I use?

Answer:

Changing your password is easy. Use the passwd command from your shell. 
   prompt$ passwd                 Hit the ENTER key.
   Enter old password for "user": Enter your OLD password.
   Enter new password for "ingo": Enter your NEW password.
   Re-type new password:          Enter your new password AGAIN.
   Password changed.
   prompt$

Of course, the passwords will not be displayed when you enter them. If your new password is too easy, the program will force you to choose a more complex one. Note that your password will NOT be changed unless you see the "Password changed." message.

And now for the second question...

This is a short remark on what kind of passwords you should and what kind you should not use. Please be aware that the NATS cluster is accessible from the whole world and we experience attacks quite frequently. When chosing your password, please consider the following rules.

  • Don't use your name (first name, last name, account name, initials etc.) This is the easiest to guess.
  • Don't use modifications of your name (if your name is Michael, modifications such as Michael1, M1chael, Michi, leahciM are also easy to guess).
  • Never use passwords of less than 6 characters. Better make it 8 characters.
  • Never use a word that is in a dictionary. Standard cracking algorithms use dictionaries from many countries and include dictionaries of actors, athletes, tv shows, acronyms, characters from famous books etc. Standard combinations such as qwertyui, 1234abcd, 0o0o0o0o are also in dictionaries.
  • Never take a word that is in a dictionary and just append or prepend a character (e.g. 7Enterprise, soledad100).

Now a few things that you should do:
  • Use small and capital letters (capital letters should appear in the middle or at the end of a word)...
  • and use special characters (e. g. '@','%','}' etc.)...
  • and use numbers.

If you think you cannot remember a password like this, just take some sentence that you can remember, e. g. 'My dog and I went shopping on Tuesday'

Now take the first character from each word: 'MdaIwsoT'

Instead of replacing 'and' with an 'a', you can replace it with a '&' or a '+'. You can also replace 'i' or 'I' with '1' and 'o' or 'O' with '0'. This would make the password 'Md&1ws0T'. This would be very hard to guess. Of course, now that I have used it in this FAQ this password is useless.

Back to: SecurityFAQ

(by KaiSiemonsen and IngoSchroeder)
Support
Warning: Can't find topic Support.WebLeftBarExample

 
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback