Password guidelines and instructions for changing passwords on NCAR computers

Last update: 05/12/2008

This page provides password information for all users of all computers operated by CISL:

1. Password guidelines
2. How to change your password
3. Handling password problems

As the tools employed by hackers become more sophisticated and the intensity of hacking incidents increases, additional steps need to be taken to secure our computer accounts. A strong password is the first line of defense for an individual computer user's account. This document provides the information you need to help keep your account and CISL's computers secure.

Password guidelines

These are CISL's guidelines for creating more secure passwords.

Your password must:

• Be memorized, not written down
• Be at least eight characters long
• Contain changes in case
• Contain three non-alphabetic characters

Your password must NOT contain:

• A dictionary word in any language
• Personally identifiable information such as a name, a login name, part of an email address, a phone number, a date of birth, a license plate, a social security number, etc.
• Any of the above spelled backwards
• Any of the above with numbers exchanged for letters or vice versa
• Any of the above with numbers or special characters appended or prepended

For example, "hello", "43110", "HeLlO", "olleh", "hello!", "?hello?" are equally ineffective. Hackers are well aware of all these tricks, and their tools can apply these tricks when attempting to break passwords.

Hint: Select a phrase that is easy for you to remember:

I married my husband in 87!

could produce a relatively good password:

Immhi87!

A better password embeds non-alpha characters and has no repeats:

In 96 my dog BARKED! loud

becomes:

I96mdB!l

Note: Since the passwords shown here are in a public document, do not use either of them for your personal password.

Changing your password on individual computers

You must change your password on each individual system.

To change your password on blueice:

1. Log on to blueice using your CRYPTOCard.
2. Connect to blms using ssh blms.
3. An interactive menu is displayed; follow the prompts for changing your password.
4. After logout, wait 45 minutes before logging back on to allow the new password to propagate across the cluster.

To change your password on bluevista:

1. Log on to bluevista using your CRYPTOCard.
2. Connect to blueview using ssh blueview.
3. An interactive menu is displayed; follow the prompts for changing your password.
4. After logout, wait 45 minutes before logging back on to allow the new password to propagate across the cluster.

To change your password on gate, roy, and lightning:

1. Log on to any Unix system with an SSH client.
2. At the shell prompt, type:
   
   ssh password.ucar.edu
   
   
   ******** (your current password)
3. At the UCAR SSH Proxy (?for help)> prompt, type:
   
   password
4. At the ucar-telnet-proxy (? for help)> prompt, type:
   
   password
5. Follow the prompts to enter your username, your current password, your new password, and your new password again.
6. At the ucar-telnet-proxy (? for help)> prompt, type:
   
   quit or exit to log off password.ucar.edu.

If you have a Cryptocard, you may also ssh to password.ucar.edu to change this password.

Handling password problems

NCAR divisional users should work directly with their divisional representatives for help with lost or nonfunctional UCAR Central Authentication Services (UCAS) passwords. All other password problems for CISL systems should be directed to the CISL Customer Support Help Desk by any of the methods listed in our CISL Customer Support web page.

© Copyright 2004-2008. University Corporation for Atmospheric Research (UCAR). All Rights Reserved.

Address of this page: http://www.scd.ucar.edu/docs/password/index.html