How to choose a good password
A password should be 10 characters or longer. A practical approach for choosing a new password is to run:
ssh login.coli.uni-saarland.de apg -a0 -MNLC -t -m10 -x10
Passwords generated this way will take on average approximately 64 years to be broken by an 8xTitan-X GPU cluster node.
Linux / MacOS
To change your password please log in with SecureShell (ssh) to 'login.coli.uni-saarland.de' and enter the command "passwd".
ssh login.coli.uni-saarland.de passwd
Windows
Press CTRL-Alt-Del and select "Change Password". Windows passwords are independent from Linux / MacOS / Mail passwords.
Email / Web Server
Your email password is the same as your Linux / MacOS password.
More information on passwords
A password should be
- kept secret
- changed on a regular basis
- not easy to guess by others (like your Matrikelnummer or 'klausi1' for instance)
- new, do not reuse your old password(s)!
Diceware
A very good way to create hard to guess, yet easy to remember passwords (or passphrases) is to employ the "diceware" method using real world, physical dice. In short:
- roll a die 5 times,
- look up the word which corresponds to the result using an existing list of words,
- repeat until you have 6 words.
- Your 30 dice rolls yielded ~77 bits of entropy, which is now encoded in the 6 words you chose.
A more detailed description including word lists for many languages can be found here:
http://world.std.com/~reinhold/diceware.html
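The lookup steps above, as an added Python example that is not part of the original page: it validates rolls typed in from physical dice, maps each group of 5 to a word, and computes the entropy of the rolls. The function names are hypothetical, the `NNNNN word` line format is an assumption about the word list file, and the word list used here is a constructed placeholder rather than a real one.

```python
import math
from itertools import product

FACES = "123456"

def parse_wordlist(text):
    """Parse 'NNNNN word' lines into {key: word}; other lines are skipped."""
    words = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 5 and set(parts[0]) <= set(FACES):
            words[parts[0]] = parts[1]
    if len(words) != 6 ** 5:  # one entry for every possible 5-roll result
        raise ValueError(f"expected {6 ** 5} entries, found {len(words)}")
    return words

def rolls_to_passphrase(rolls, words):
    """Turn a string of physical dice rolls (digits 1-6) into words, 5 rolls each."""
    digits = "".join(rolls.split())
    if not digits or len(digits) % 5:
        raise ValueError("need a multiple of 5 rolls")
    if set(digits) - set(FACES):
        raise ValueError("each roll must be a digit from 1 to 6")
    return " ".join(words[digits[i:i + 5]] for i in range(0, len(digits), 5))

def entropy_bits(num_rolls):
    """Each fair roll contributes log2(6) bits."""
    return num_rolls * math.log2(6)

def constructed_wordlist():
    """Constructed stand-in list ('word11111' ... 'word66666'), not a real word list."""
    keys = ("".join(k) for k in product(FACES, repeat=5))
    return "\n".join(f"{k}\tword{k}" for k in keys)

if __name__ == "__main__":
    words = parse_wordlist(constructed_wordlist())
    sample = "11111 66666 12345 54321 23456 65432"  # constructed rolls, illustration only
    print(rolls_to_passphrase(sample, words))
    print(f"{entropy_bits(30):.1f} bits from 30 rolls")
```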
Mini FAQ
Q: If I use more than 10 characters I am more secure, right?
A: No, not really. Currently we consider a 10 random character password "safe". Please consider that there are other ways to attack your account besides a brute force password attack. Be aware of the fact that there is no perfect security.
https://xkcd.com/538