About Us Technical Pages MCSU Services UNSW Services Suppliers Forms Medicine Websites
UNSW
Faculty of Medicine
Medicine Computing Support Unit


Quicklinks
UNSW DIY Services
ITS Software Distribution
ITS Online Services and Support
ICT Assist Training
MyUNSW

Why Choose a Secure Password?

Managing security of a network and the computers attached to it is a constant balancing act between having no security at all with full service and ease of use, no passwords and anybody can see everything, to having absolute security but with no service, no use of the network and no sharing of resources.

We have to choose a point somewhere in between in which to operate. We have been having regular, 1 to 2 times per week, incidents where people have been attacking our main Domain servers and trying to log on to every one of our accounts. After 10 attempts on a particular account, the account gets locked out for one hour, and thus is inactive for this time. What these people do is run programs that try different passwords on your account to see if they can find one that works. The more complex your password, the less chance that they will be able to guess your password. To see if your password is "weak" we run a widely available tool against your account to see if it can guess your password. It takes a modern computer only a couple of seconds to get simple passwords using what is called a "Dictionary Attack".

If any individual password is compromised it gives the hacker a first step in to our network which allows to them to then try a wide variety of new attacks against the network.

An account password can also give an attacker access to your local PC. Once they have access to your computer they can collect all of the keystrokes you type at your computer. This can include your unipass, any internet banking passwords, credit card numbers and anything else you type in your day-to-day work. This is why we need all of the passwords to be good.

It is not recommended that you use the same password for different services, but if you do want several of your passwords to be the same then you should change them all to a strong password.

A strong password should contain a combination of upper and lower case letters, numbers, and most importantly, punctuation marks. Replacing letters of words with punctuation marks or numbers makes a big difference to the vulnerability of your password, especially if they are placed in the first seven characters of your password. However separating complete words this way is ineffectual, cracking programs can put words together with numbers and basic punctation quite easily. Break up complete words with punctuation and numbers to make it impractical for attackers to keep trying your password, and keep your computer and our network more secure.

An example of a good password is:

We$tPac4 or Med.,Icine8

Click here for how to change your password in different operating systems:

Print Friendly Printer Friendly Page
> Privacy Policy    > Copyright & Disclaimer    > Accessibility    > Online Enquiry
Medicine Computing Support Unit - UNSW - Faculty of Medicine NSW 2052 Australia | Tel: +61 (2) 9385 1333 Fax: +61 (2) 9385 1258
© Copyright 2005 UNSW Faculty of Medicine | CRICOS Provider Code: 00098G | ABN 57 195 873 179 | Authorised by Medicine IT Manager
Page Last Updated: 02:24:38 PM, Monday 31 October 2005
CONTACTS | SITEMAP | Print Friendly