Password Security on VM
We have recently had an incident on one of our VM systems where a user's account was compromised and the intruder formatted his mini-disk. In this case the user had a rather easy-to-guess password.
A recent survey of passwords indicated that several VM users have ``easy-to-guess" passwords.
In order to try and increase the security of VM user's accounts we will soon be introducing rules aimed at encouraging users to select passwords that are more difficult to guess. In addition, regular checks will be made to ensure that an ``easy" password has not been selected.
Previous CNL articles (CNL212, 210 and 197) have given hints for users on choosing a ``good" password. Please bear these in mind when choosing your own.
The new rules will be that passwords must be at least six characters long and that they must contain at least one alphabetic character and at least one digit. These rules will be applied when a user changes his password and the user will be informed immediately if the new proposed password does not comply.
The proposed implementation will proceed as follows.
If, during one of the regular checks, a password is guessed, then the user will be informed by E-mail and the procedure as outlined above will be followed. Should the user encounter problems in choosing a good password please contact the User Consultancy Office (firstname.lastname@example.org)
We count on your understanding that security is in everyone's interest.