Blogs2.cch WordPress server
Apr 10th, 2013 by Tim Watts

All blogs running here are now updated to the latest version including plugins and themes.

Automatic updates will now be enabled every night to avoid security vulnerabilities going unnoticed.

Digital Humanities Accounts and Passwords
Apr 4th, 2013 by Tim Watts

Basic password rules

In order to maintain systems security, the following password rules are now in operation:

  1. Passwords must be changed annually;
  2. Passwords should not be used for any other computer account, especially social media sites like Twitter, Facebook, Google, LinkedIn, MySpace etc – a number of these have had serious password leaks in the past and probably will again.
  3. Don’t write it down – especially on a note stuck somewhere everyone can see it! If it’s hard for you to remember lots of passwords, try something like KeePassX which allows you to keep several items of secure information, encrypted with one really good passphrase. Versions of this program are free and are available for MacOSX, Windows, Linux, Android and iOS.
  4. Passwords need to be at least 10 characters long.
  5. Passwords may be up to 256 characters long.
  6. Passwords must contain at least 3 types of characters from this list:
     • Uppercase ASCII letters (A-Z, no accented characters)
     • Lowercase ASCII letters (a-z, no accented characters)
     • Digits (0-9)
     • Spaces
     • Punctuation characters
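
A check of rules 4 to 6 above, as an added example that is not the code behind the password-change page. It assumes "punctuation characters" means ASCII punctuation, and the function names are illustrative.

```python
import string

MIN_LEN, MAX_LEN = 10, 256   # rules 4 and 5
MIN_CLASSES = 3              # rule 6

# Rule 6 character classes. Letters are ASCII only, so accented
# characters do not count towards any class.
CLASSES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "space": {" "},
    "punctuation": set(string.punctuation),  # assumption: ASCII punctuation
}


def classes_used(password):
    """Return the names of the rule 6 classes present in the password."""
    chars = set(password)
    return sorted(name for name, members in CLASSES.items() if chars & members)


def check_password(password):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(password) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    used = classes_used(password)
    if len(used) < MIN_CLASSES:
        problems.append(
            f"only {len(used)} character type(s) ({', '.join(used) or 'none'}); "
            f"need {MIN_CLASSES}"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ["correct horse Battery", "Élégante phrase",
                   "Short1!", "alllowercaseletters"]:
        print(repr(sample), check_password(sample) or "OK")
```

The second sample fails even though it looks like it has a capital letter: the accented "É" is not an ASCII uppercase letter, so only lowercase letters and a space are counted.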

Password tricks for an easier life

Rules 3-5 sound hard, but they need not be. For example:

  • Instead of a short, really hard-to-remember password, try a “passphrase” – a sentence with some capital letters and spaces will work.
  • Try inventing a personal scheme of swapping certain letters for certain punctuation characters or digits.
  • Try unusual but consistent capitalisation – e.g. uppercase the 3rd letter of each word instead of the first, or as well as the first.
  • Don’t tell anyone how your personal rules work! Then you can use your personal scheme again and again.

The key advantage of this is that it makes brute force and “dictionary attacks” very hard indeed.

How to change your password

Just visit https://account.cch.kcl.ac.uk/chpw.cgi

Changed passwords are active immediately – there is no delay.

Can I lock myself out?

Yes. In order to protect the systems against brute force cracking attempts which happen continuously, the systems have two countermeasures:

  • 5 failed attempts to connect on certain protocols including ssh will block your IP address for one hour.
  • 5 incorrect password attempts within one hour on a single username will disable that username for one hour.

Empirical evidence suggests these are sufficient to make “RatWare” (cracking software) “bored” enough to give up and try somewhere else, at least for a while. I’ve also not yet seen any real accounts become locked out due to cracking attempts – mostly because “RatWare” usually tries to hack very common Linux/Unix account names like “root”.

In either case the computer or account will reset itself after one hour.
