[an error occurred while processing this directive]

Please change your network password

by Linda Deneen

Changing your central systems password

  1. Log into ub.

  2. If you are using UMenu, choose Utilities, then choose Passwd.

    If you do not use UMenu, simply type passwd at the Unix prompt.

  3. Enter your current password once, followed by your new password twice.

Rules for new passwords:

  • Must be at least 7 characters. (All characters past the eighth will be ignored.)
  • Must not be a word in the dictionary.
  • Must not be all lower-case or all upper-case letters. It is best to include at least one character that is not a letter.

Last spring we experienced a series of break-ins to our computer systems on campus. IS staff have worked hard to plug security holes, and we have not had any security breaches during the past three months. If you have not changed your password since mid-June, we request that you do so now. It is important that you do this to protect any information that you may have stored in your accounts and to keep intruders from using your account to access other parts of the UMD systems.

In this particular incident, it does not appear that the hackers were interested in looking at personal data in the system, although they did have access. They appeared to focus their efforts on breaking in and setting trap doors that would allow them other means of entry. It does appear, however, that one hacker made a copy of our password file. This file contains the encrypted passwords of everyone that uses our systems.

Even though the passwords are unreadable in their encrypted form, there are programs available that will encrypt each word in the dictionary and compare against the password file. If a match is found, then the password is known to be the dictionary word. Some programs are expanding their word lists beyond the dictionary to include other common passwords. Until you change your password, your account and personal data is at risk.

Maintaining system security is difficult work. For every system administrator working to keep hackers out of their system, there are multiple hackers trying to break in. Wonderful as the internet is, it also provides simple ways for hackers to share information about breaking into systems. IS staff monitor security advisories and implement those that are relevant to our systems, but hackers monitor them too; in the most recent case the first break-in took place two hours before our staff implemented the security fix that would have kept the hacker out.

We can never be absolutely sure that our systems are secure against intruders, and there are new techniques for intruding being developed every day. Here in IS we are committed to making our system as secure as we possibly can. We regret that we can't guarantee that there will never be security problems.

One of the best things you can do to help us is to arrange to regularly change your password and to choose a good password. We are considering making this a requirement for all users of our system, and are also considering providing new passwords to those who are unwilling to change their own passwords on a regular basis. Our current policy is to change all student passwords once a year and we are considering doing this for faculty and staff as well.

Thank you for your cooperation. We are sorry for the inconvenience. [an error occurred while processing this directive]
Last Revised on 09/18/97 sab [an error occurred while processing this directive]