Choosing and Changing Passwords
This Document is Only Pertains to Your ME/AEM/ENET Passwords
Some Notes About Changing Passwords
-
Enet Windows Passwords and Unix Passwords are not synchronized (changing one does not change the other) and must be changed separately.
-
Your Windows Password controls access to Windows resources (Logging on to FULLY managed Enet Windows Machines; and connecting to Enet shared folders and printers from un-managed machines).
-
Your Unix Password controls access to just about everything else (Logging on to FULLY managed Enet Unix/Linux Machines; Enet e-mail; Enet login to ME & AEM Wireless; Enet Vpn).
-
To Change Your Unix Password:
Log on to our Webmail server: https://www.mail.enet.umn.edu/
select My Account.
select Password.
Fill in the boxes and select Change Password.
WAIT (about 15 seconds) - the page will inform you if the password was changed or not.
You must log out of Webmail before you can use it after changing your password.
Or: Log on to a SSH gateway machine (ssh.me.umn.edu or ssh.aem.umn.edu) and use
yppasswd
-
To Change Your Windows Password:
Log on to a FULLY managed (and domain attached) Enet Windows Desktop Machine and press
[CTRL]-[ALT]-[Delete]
(note: you can also use this key combination when you are logged in to lock the screen, or log out)
then select
[Change Password...]
Log out (and then log back in) after changing your password (if you don't you won't have access to printers or shares).
Please Note Some Password Maximum Length Limitations
-
You MUST use a password of at least 8 characters (This is University Policy)
-
Windows Password: 14 characters max (Windows will reply with a confusing access denied error if you exceed 14 characters).
-
Unix Password: 30 characters max for full compatibility with the following:
-
Console X Login: 30 characters max (Login on a Graphical console)
-
Terminal Login: 100 characters max (Login on a text only console)
-
ssh: 100 characters max
-
Wireless login: 100 characters max
-
VPN: 100 characters max
Important Password Guidlines
-
Sharing of accounts is forbidden.
If others need access to your files or the Enet systems, we (Enet) can create a separate account for them.
-
Never give your password to anyone. This
includes Enet Staff. The Enet Staff never
needs to know your password to fix problems with your account.
They have administration privileges already.
-
If you must write a password down (we suggest you don't), keep it safe as you would your credit card (keep it with you at all times so no one else can find it).
-
Never leave any password on anything near a computer (not even in a file in your home directory).
-
Never send any password via e-mail (nor instant messaging). E-mail is NEVER secure (it can be intercepted, and can end up with the wrong person).
-
Change your password periodically (at least once a year) - especially if you think someone else may know it.
-
Use different passwords for accounts on different systems
(Note: since your Enet Windows and Unix passwords access nearly the same resources, they can be the same).
Choosing a Good Password
For security, always use passwords which include
Letters, numbers and non alpha-numeric characters.
Keep in mind that you can always use 14 character passwords (including spaces).
The only way to get a reasonable amount of variety in your passwords
(I'm afraid) is to make them up. Work out some flexible method of your
own which is NOT based upon:
-
modifying any part of your name or name + initials
-
modifying a dictionary word
-
acronyms
-
any systematic, well-adhered-to algorithm whatsoever
For instance, NEVER use passwords like:
alec7 - it's based on the users name (& it's too short anyway)
tteffum - based on the users name again
gillian - girlfiends name (in a dictionary)
naillig - ditto, backwards
PORSCHE911 - it's in a dictionary
12345678 - it's in a dictionary (& people can watch you type it easily)
qwertyui - ...ditto...
abcxyz - ...ditto...
0ooooooo - ...ditto...
Computer - just because it's capitalised doesn't make it safe
wombat6 - ditto for appending some random character
6wombat - ditto for prepending some random character
merde3 - even for french words...
mr.spock - it's in a sci-fi dictionary
zeolite - it's in a geological dictionary
ze0lite - corrupted version of a word in a geological dictionary
ze0l1te - ...ditto...
Z30L1T3 - ...ditto...
I hope that these examples emphasise that ANY password derived from ANY
dictionary word (or personal information), modified in ANY way,
constitutes a potentially guessable password.