|
Size: 2404
Comment:
|
Size: 2780
Comment: Note on Kerberos Problems on PW change
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 2: | Line 2: |
| Line 9: | Line 8: |
| Line 14: | Line 12: |
| Line 18: | Line 17: |
| __'''''Note:'''''__ Changing your password will invalidate old Kerberos Tickets and thus sessions. Make sure to log out from all Kerberos enabled systems and/or do a kinit to get new tickets. An invalid Kerberos Ticket might be the reason you have no access to your home directory anymore. (As of September 2016 the shares are not Kerberos enabled yet. This will change though) |
|
| Line 25: | Line 28: |
| Line 33: | Line 35: |
| A very good way to create hard to guess, yet easy to remember passwords (or passphrases) is to employ the "diceware" method using real world, physical dice. In short |
A very good way to create hard to guess, yet easy to remember passwords (or passphrases) is to employ the "diceware" method using real world, physical dice. In short |
| Line 39: | Line 41: |
| Line 44: | Line 47: |
| Q: If I use more than 10 characters I am more secure, right? <<BR>> A: No, not really. Currently we consider a 10 random character password "safe", but feel free to use longer passwords. Please consider that there are other ways to attack your account besides a brute force password attack. Be aware of the fact that there is no perfect security. <<BR>> https://xkcd.com/538 <<BR>> <<BR>> Q: How about passwords I use on the Internet with my web browser? <<BR>> A: We recommend using a password manager/password generator, like "keepassx", to create and store long (>30 chars) random passwords. We also recommend using the built in web browser password storage, but it is mandatory to use a strong (see above) master password (Firefox: Preferences -> Security -> Change Master Password) when doing so! |
Q: If I use more than 10 characters I am more secure, right? <<BR>> A: No, not really. Currently we consider a 10 random character password "safe", but feel free to use longer passwords. Please consider that there are other ways to attack your account besides a brute force password attack. Be aware of the fact that there is no perfect security. <<BR>> https://xkcd.com/538 <<BR>> <<BR>> Q: How about passwords I use on the Internet with my web browser? <<BR>> A: We recommend using a password manager/password generator, like "keepassx", to create and store long (>30 chars) random passwords. We also recommend using the built in web browser password storage, but it is mandatory to use a strong (see above) master password (Firefox: Preferences -> Security -> Change Master Password) when doing so! |
How to choose a good password
A password should be 10 characters or longer. A practical approach for choosing a new passwords is to
ssh login.coli.uni-saarland.de apg -a0 -MNLC -t -m10 -x10
Passwords generated this way will take on average approximately 64 years to be broken by a 8xTitan-X GPU cluster node.
Linux / MacOS
To change your password please log in with SecureShell (ssh) to 'login.coli.uni-saarland.de' and enter the command "passwd".
ssh login.coli.uni-saarland.de passwd
Note: Changing your password will invalidate old Kerberos Tickets and thus sessions. Make sure to log out from all Kerberos enabled systems and/or do a kinit to get new tickets. An invalid Kerberos Ticket might be the reason you have no access to your home directory anymore. (As of September 2016 the shares are not Kerberos enabled yet. This will change though)
Windows
Press CTRL-Alt-Del and select "Change Password". Windows passwords are independent from Linux / MacOS / Mail passwords.
Email / Web Server
Your email password is the same as your Linux / MacOS password.
More information on passwords
A password should be
- kept secret
- changed on a regular basis
- not be easy to guess by others (like your Matrikelnummer or 'klausi1' for instance)
- new, do not reuse your old password(s)!
Diceware
A very good way to create hard to guess, yet easy to remember passwords (or passphrases) is to employ the "diceware" method using real world, physical dice. In short
- roll a dice 5 times,
- look up the word which corresponds to the result using an existing list of words,
- repeat until you have 6 words.
- Your 30 dice rolls yielded ~77 bits of entropy which is now encoded in the 6 words you chose.
A more detailled description including word lists for many languages can be found here:
http://world.std.com/~reinhold/diceware.html
Mini FAQ
Q: If I use more than 10 characters I am more secure, right?
A: No, not really. Currently we consider a 10 random character password "safe", but feel free to use longer passwords. Please consider that there are other ways to attack your account besides a brute force password attack. Be aware of the fact that there is no perfect security.
https://xkcd.com/538
Q: How about passwords I use on the Internet with my web browser?
A: We recommend using a password manager/password generator, like "keepassx", to create and store long (>30 chars) random passwords. We also recommend using the built in web browser password storage, but it is mandatory to use a strong (see above) master password (Firefox: Preferences -> Security -> Change Master Password) when doing so!