PATH Password Policy


Unix Passwords:

            
  1. Passwords must be 6-8 characters in length. 8 characters is preferred, but not enforced.

  2. Passwords must contain each of the following 4 character sets:
    • Capital Letters (A-Z)
    • Lowercase Letters (a-z)
    • Digits (0-9)
    • Symbols/Punctuation !@#$%^&*()_+|~-=\`[]{};':",./<>?`~

  3. Passwords cannot contain whitespace (spaces, tabs, etc.)

  4. Passwords cannot contain common words, your username, or variations of words or your username.

  5. Passwords must be changed on Porsche. I have disabled all the password programs on the other Unix machines. Please do not subvert the password policy by using your own Linux machine/laptop to change passwords on the NIS domain. If you do this and I crack the password, I will not be happy.

    To change your Unix password, ssh to porsche and type: /bin/passwd

    Although this may sound like a pain, it makes the passwords much more resistant to cracking. With some thought, it is also very easy to pick passwords in this fashion that are easy to remember.

    An example password that fits the above criteria is: Ih8pwds! When typed just think: I hate passwords!

Windows NT passwords:

            
  1. Passwords must be 7-14 characters in length. More than 7 is preferred but not enforced.

  2. Passwords must contain each of the following 3 character sets:
    • Letters (A-Za-z)
    • Digits (0-9)
    • Symbols/Punctuation !@#$%^&*()_+|~-=\`[]{};':",./<>?`~

  3. Passwords should not contain common words, or variations of common words and your username.

  4. Passwords cannot contain your username.

  5. PAY CLOSE ATTENTION TO THIS IT'S A BIT TRICKY:
    If your password is exactly 7 characters you can ignore this.
    If your password is between 7 and 14 characters, rule 2 applies to the first 7 characters. Thus, according to this scheme, Ih8pwds! would NOT be a valid NT password. I,h8,pwds! would be a valid NT password.
    If your password is exactly 14 characters, rule 2 applies to either the first 7 characters or the last 7 characters.
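
    The structural rules of both lists, including the 7-character block rule for NT, can be checked mechanically. The following Python checker is an added example, not part of the original policy or any tool it describes; the names check_unix and check_nt and the username argument are assumptions, and the common-word rules are not covered because they need a dictionary.

```python
import string

# Character sets from the policy; the symbol list is copied from it with
# repeated characters collapsed.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set("!@#$%^&*()_+|~-=\\`[]{};':\",./<>?"),
}

def char_classes(text):
    """Return the names of the character sets that occur in text."""
    return {name for name, chars in CLASSES.items() if chars & set(text)}

def nt_block_ok(block):
    """NT rule 2 on one 7-character block: letters, digits and symbols."""
    found = char_classes(block)
    return bool(found & {"upper", "lower"}) and {"digit", "symbol"} <= found

def check_unix(password, username):
    """Unix rules 1-3 plus the username part of rule 4 (hypothetical helper)."""
    problems = []
    if not 6 <= len(password) <= 8:
        problems.append("length must be 6-8")
    if char_classes(password) != set(CLASSES):
        problems.append("needs all 4 character sets")
    if any(ch.isspace() for ch in password):
        problems.append("contains whitespace")
    if username and username.lower() in password.lower():
        problems.append("contains username")
    return problems

def check_nt(password, username):
    """NT rules 1, 2, 4 and 5 (hypothetical helper)."""
    problems = []
    if not 7 <= len(password) <= 14:
        problems.append("length must be 7-14")
    # Rule 5: the first 7 characters must satisfy rule 2; at exactly 14
    # characters the last 7 may satisfy it instead.
    blocks = [password[:7]]
    if len(password) == 14:
        blocks.append(password[7:])
    if not any(nt_block_ok(b) for b in blocks):
        problems.append("rule 2 not met within a 7-character block")
    if username and username.lower() in password.lower():
        problems.append("contains username")
    return problems
```

    Each function returns a list of violated rules, so an empty list means the password passes the checks implemented here.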

Miscellaneous Password Stuff:

            
  1. Do not write down your password. If you feel you must write it down, don't keep it in clear view next to your desk. Ideally you should pick an easily remembered password so you won't have to write it down.

  2. It will increase security if you use different passwords for NT and Unix; however, the convenience of one password is quite understood. Thus if you wish to use the same password for Unix and NT, it's OK. Just be aware that there are subtle differences between the NT password policy and the Unix password policy. Be sure to carefully choose one password that will work on both (if you want one common password, that is).

  3. I will audit (try to crack) passwords on the first weekend of every month. Everyone who has their password cracked will be notified via email. One week following the email, I will tell NT to force the user to change their password. For Unix passwords, I will lock the account if the password is not changed within 1 week.

  4. This won't be enforced, but in general everyone should change their password every few months or so.