How secure is my account and password?
Your mail.sas account is for your use only. You are solely responsible
for what is done with it. If there is evidence of unauthorized or
improper use of your account, it will be temporarily disabled. This
protects your files and other users of the system. You will be asked
to contact the postmaster, show your Penn ID, change your
password, and/or take other appropriate action. If you suspect that
someone else may be using your account, report it by contacting the
postmaster or help@sas immediately.
Our most important line of defense against unauthorized users is the
security of each individual account on the system. Use of the mail.sas
computer is a group responsibility. Keeping your account secure is
necessary not only to protect your own files and resources, but to protect
the entire system. That is why we insist upon unguessable passwords.
Account Sharing is prohibited! It is a violation of mail.sas and
University policy to share accounts. Multiple users of one account are a
security risk and endanger all other user accounts. Do not give
your password to anyone. If we suspect that an account is being shared,
it will be locked.
Choosing secure passwords
Select a password you will remember. Since you are responsible
for all use of your account, don't tell anyone your password, and
choose one that cannot be guessed easily. Computer programs can
easily guess passwords from a dictionary or proper names, so pick
something else. The passwd program will tell you if your password
is too easy to guess.
Work out some flexible method of your own for choosing passwords that
is NOT based on:
- modifying any part of your name or name & initials
- modifying a dictionary word
- acronyms
- any systematic, well-adhered-to algorithm
Suggestions: take two unrelated short words joined by
a special character, such as Big$Deal, or make an acronym from a
phrase, such as "A stitch in time saves nine," which becomes Asits9.
Don't pick these particular passwords, though. Come up with your own
technique for choosing a password.
Password cracking programs are very sophisticated. They will try to
match all words that appear in dictionaries, slang words, and proper
names, and will apply various common techniques for creating passwords,
such as suffixing/prefixing a character to a common word.
Examples of bad passwords:
| PASSWORD | REASON |
| abominable | word appears in the dictionary |
| wizard | ditto |
| draziw | reverse of a dictionary word |
| Elizabeth | girl's name |
| samuel | boy's name |
| trojan32 | dictionary word suffixed by characters/numbers |
| private! | ditto |
| 123456 | common sequence |
| abcdef | ditto |
| qwerty | ditto |
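The checks behind the table above can be written out as a short program. This is an added example, not the passwd program's own code; the word and name lists are small constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample lists (assumption): a real check would load a full
# dictionary and a list of proper names instead of these few entries.
DICTIONARY = {"abominable", "wizard", "trojan", "private"}
NAMES = {"elizabeth", "samuel"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "01234567890"


def is_sequence(pw):
    """True if pw is a run of the alphabet, digits or a keyboard row,
    read in either direction (123456, abcdef, qwerty)."""
    runs = (ALPHABET, DIGITS) + KEYBOARD_ROWS
    return len(pw) >= 4 and any(pw in r or pw[::-1] in r for r in runs)


def weakness(password):
    """Return the reason a password is easy to guess, or None.

    None only means that no rule here matched; it does not mean the
    password is strong.
    """
    pw = password.lower()  # guessing programs try all case variants
    if is_sequence(pw):
        return "common sequence"
    if pw in NAMES:
        return "proper name"
    if pw in DICTIONARY:
        return "word appears in the dictionary"
    if pw[::-1] in DICTIONARY or pw[::-1] in NAMES:
        return "reverse of a dictionary word"
    # Strip leading/trailing non-letters: trojan32 -> trojan, private! -> private
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw)
    if core != pw and (core in DICTIONARY or core in NAMES):
        return "dictionary word suffixed/prefixed by characters/numbers"
    return None
```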
For more information on mail.sas policies, please see here.
Last modified: Wednesday, 18-Dec-2002 16:46:14 EST