
The ECN No Name Newsletter is no longer being published. This is an archived issue.
Have you ever absentmindedly left your car keys in the ignition of your automobile? If you have, you probably also felt relief when you realized that no thief had taken advantage of your error.
The same thing may be happening with your computer account. You may unknowingly be leaving the keys to your computer account available to a thief by the selection of an easily deciphered password. Those "bad guys" who break into computer accounts realize that many people are very uncreative when developing a password because most people select a password that is short and easy to remember (usually a word that has personal meaning to the account owner). Many times passwords can be discovered by accessing public documents, checking the telephone directory, taking a tour through the parking garage, or using the finger program. Take a few moments and run through the following checklist and see if your password is one of those "convenient" passwords an unscrupulous computer thief loves to locate. Sorry, the trick of spelling any of the following backwards does not slow down detection because reverse ordering is usually a standard step in a decoding program.
The best password is gibberish, made up of numerals and characters, both upper and lower case, such as
4TfGp8z+
but this type of password is downright difficult to remember. A password that is easier to remember, but still difficult to break, is a combination of two small words or a longer word with one or two letters deleted. As an example,
chubbyme (chubby + me)
might be a memorable password for someone on a diet! This password would be made even more difficult to decipher if an upper case letter or two is tossed in, for example
chubBymE
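The check below is an added example, not part of the original newsletter. It flags a candidate password that contains, forwards or backwards and regardless of case, a word an outsider could learn about the account owner. The function names, the minimum length and the sample facts are assumptions made up for the illustration.

```python
import re

MIN_LENGTH = 8  # assumption: the article says "short" but names no number

# Constructed sample: what finger, a phone book and a parking garage might reveal.
FACTS = ["jsmith", "Jane Smith", "555-0142", "KLM 482"]


def personal_tokens(facts):
    """Split facts about the account owner into lowercase words of 3+ characters."""
    tokens = set()
    for fact in facts:
        for tok in re.split(r"[^a-z0-9]+", fact.lower()):
            if len(tok) >= 3:
                tokens.add(tok)
    return tokens


def check_password(password, facts):
    """Return the reasons a password is 'convenient'; an empty list means none found."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    folded = password.lower()  # compare without regard to case
    for tok in sorted(personal_tokens(facts)):
        if tok in folded:
            reasons.append(f"contains personal word '{tok}'")
        elif tok[::-1] in folded:  # spelled backwards, as the article warns
            reasons.append(f"contains reversed personal word '{tok}'")
    return reasons


if __name__ == "__main__":
    for candidate in ["jsmith", "htimSenaJ", "Jane0142", "4TfGp8z+", "chubBymE"]:
        found = check_password(candidate, FACTS)
        print(f"{candidate:10} {'; '.join(found) if found else 'no match found'}")
```

An empty result means only that none of the supplied facts matched; it is not a strength rating.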
You may think that nobody is going to be interested in your homework, your research data, or your mail. Maybe that assumption is correct; however, your account may provide access to other files via a group relationship, or you may have special system privileges, OR the thief may just wish to do mischief on the system and allow your account to get blamed.
A wise account owner will change an account's password every month or two. Unfortunately, the average computer owner only changes passwords once a lifetime, even though changing your password is easy! To change your password, key in
passwd
at your UNIX prompt to activate the change password program. When altering a password, the program prompts for the current password and then for the new one. The account owner must supply both. The new password is requested twice to avoid typos. Nothing you type in will be echoed to the screen, thus prohibiting someone from reading your password off the terminal screen.
passwd (return)
old password: (key in old password)
new password: (key in new password)
new password: (key in new password)
If you have accounts on more than one machine, you will need to change the password on each account individually.
REMEMBER: Never write your password on your office calendar or in your appointment book, hide it in your desk drawer, or tape it to the underside of your terminal. This is like locking the front door to your house and then hanging the key from the door knob.