Your Unix account is uniquely identified by your username (also sometimes called “login name”, “IT ID”, or “login ID.”). If you apply in person for your account, the person to whom you apply should be able to tell you your username. If your account was set up automatically as a result of your registration in one or more courses, your instructor is notified of your username via e-mail when the account is set up, and should be able to tell you what it is if necessary.

Your Internet e-mail address is obtained by adding @cisunix.unh.edu to your username; for example, joe's e-mail address would be <joe@cisunix.unh.edu>. (Actually, you can use any specific CIS Unix machine name, not just cisunix, but let us not quibble: it all goes to the same place.)

For nearly all users, the cisunix part of the e-mail address is optional. So (for example) <joe@unh.edu> also works for sending mail to the user joe.

You are discouraged from changing your assigned username. If you think you have a compelling case for changing your username, please contact the Account Administrators via the Help Desk Web Form.

You also need a password to access the Unix systems. Your initial password is set when we create your account; you will be notified as to what that actually is. (The notification method depends on how your account was requested.) You are forced to change this initial password the first time you log into your new account.

Your account should be protected by a password that is difficult to guess. Why? Since your username is publicly accessible, people who guess your password correctly have full access to your account and files. They can delete or change your files; they can change your password to something else; they can behave obnoxiously on the system, and you'll be held responsible. You don't want any of this to happen.

Someone who wants to break into your account may, of course, attempt to log into your account by sitting at a terminal trying a succession of guesses at your password. Amazingly enough, this sometimes works. This approach is effective against people who base their passwords on their username, their real name, the names of their friends and acquaintances, their favorite teams, or other personal data.

If this were the only cracking method, it would be relatively easy for you to pick a hard-to-guess password. Unfortunately, would-be attackers have a variety of more-powerful tools at their disposal. Programs exist that can check your password against lists of hundreds of thousands of words. You can't assume that a would-be cracker doesn't have access to such methods.

So you need a very good password. In fact, Unix users are required to choose a password that is hard for others to guess. This requirement is made easier by our password-changing program, which disallows most, if not all, attempts to change to a poor password; see "Activating Your Account" in this document for more information. The following simple guidelines should help you choose a password that will be very difficult to guess.

Your password should:

Your password should not be based on:

By “based on” a word we mean: you shouldn't simply append or prepend a character to a word; you shouldn't reverse it; you shouldn't type it twice; and so on. It's probably OK to “creatively” misspell a word; but you should be sure to be very creative in doing so; please don't simply replace s's with dollar signs, l's with 1's, e's with 3's, etc. The bad guys check for that, too.

Passwords may be (more or less) pronouncible, in order to make them easier to remember. They should be easy to type quickly, in order to cut down on the likelihood that someone watching over your shoulder can figure out what you're typing.

Users are often admonished to “never write down a password.” A password that you memorize is more secure than the same password written down, simply because there is less opportunity for other people to learn your memorized password.

But a password that must be written down in order to be remembered is quite likely a password that is not going to be guessed easily. If your write your password in your wallet, the chances of somebody who steals your wallet using the password to break into your computer are remote indeed. (Unless you are an extremely important person and your wallet is stolen as part of an diabolical plot. Of course, if the wallet containing your password is stolen, you should, among other sensible actions, change your password.)

If you must write down your password, follow a few precautions:

Also never record a password online in any unencrypted form. For example, don't have a keyboard macro on your PC that allows you to type your password with a few keystrokes; anyone who accesses your PC will be able to dig that out pretty quickly.

Likewise, never send a password to another via e-mail. In the book The Cuckoo's Egg, Cliff Stoll tells of how a single intruder broke into system after system by searching for the word “password” in text files and mail messages. With this simple trick, the intruder learned the passwords of many accounts on many different computers across the country.

Before you do anything else with your account, you need to discover your username (if you don't know it already), then “activate your username” by setting your password to something that only you know.

Nearly all new users will do this via the following method:

This should display your username and allow you to set your initial password. You'll also be given the opportunity to set up a "Security Question" that will allow you to reset a forgotten password.

This only works for people with a Blackboard account (which is most people). If you don't have a Blackboard account, you will have to: Know what your username and initial password are. You should have been told your username and initial password when your account was created. If you weren't told, or don't remember what you were told, you'll have to contact the Help Desk (2-4242) or go to Dimond Academic Commons Information Technology Support Center (DAC ITSC) in the Dimond Library for assistance. Use one of the CIS Unix-only password changing mechanisms described in “Changing Your Password” to change your password.

Nearly all users will want to change their password via the “MyUNH Portal”. To do that:

This should take you through a process that will change your CIS Unix password; it will set your Blackboard and Webcat passwords to the same thing.

This only works for people with a Blackboard account (which is most people). If you don't have a Blackboard account, or you want your CIS Unix password to differ from your Blackboard/Webcat password, you can use one of these methods to change only your CIS Unix password: You can go to the CIS Unix Password Change web page. See “Changing Your Password on the Web” for more information. You can establish a login session with one of the CIS Unix login servers and give the passwd shell command. See “Changing Your Password in a Login Session” for more information. You can change your password using Eudora. See “Changing Your Password with Eudora” for more information.

Changing Your Password on the Web

To change your password on the web, open the web page https://webmail.unh.edu/cisunix/password.php; see below. In theory, use is self-explanatory.

The changer makes the usual quality checks on your proposed new password (see “Your Password”); you should get a meaningful and sensitively-worded error message if you pick one that's judged too easy for the bad guys to guess. Note the link to password suggestions/examples; this is good if you're not feeling sufficiently creative.

CIS UNIX Password Changer
=========================


some helpful guidelines appear here 


Changing password for joe

Current password: 

New password: 

Retype new password: 

(Checking your proposed new password... please wait.)

Your password should contain at least one UPPERcase letter.
New password: 

Looks as if your password change was successful.
Please note that the change may take a few minutes to take effect.