Department of Mathematics

Computer Account and Password Policies

Background

Computer accounts are the basic security tool to control access to computer resources and to preserve privacy and integrity of user files. A stolen user account is typically the first step in a more serious security compromise. Idle accounts are often stolen without anyone noticing. Users need to be informed about management of their account passwords.

Creating Accounts

Permanent accounts are created for faculty, graduate students, and other affiliates of the Mathematics Department and the Center for Computational Mathematics on request. Temporary class accounts are created for all students in a class that requires access. Extension of student accounts or creation of a guest account is possible upon request by a permanent faculty member sponsoring the account.

Password Creation and Change

The initial password is set on math. Accounts for the beowulf system are created on request. Accounts on other machines are created by copying the current password information from math. Users should change their initial password with the passwd command immediately upon first logging on to the math server. Password changes are automatically applied to other servers within 24 hours. Users must pick strong passwords, at least 8 characters long, with a mix of letters, digits, and special characters.

Communication of Passwords

Passwords are generally given in person only. Presentation of an ID may be required of people whom we do not know personally. Passwords for class accounts are distributed to students by the instructor. Passwords may be given by phone if the user is known to us personally and we initiate the phone call. Passwords may not be sent by email under any circumstances. Users must not send passwords by email, even to inquire about their own accounts. Users must guard their passwords and may not give them to anyone or use them as passwords on other machines or web sites.

Accounts may be disabled when necessary, as listed below. There is no warning. A failed login usually does not indicate whether the account was disabled, the password was wrong, or the account does not exist.

  • Temporary student accounts created for the purpose of a class are disabled after the term of the class for which they were created. Permanent student accounts are disabled after the student graduates.
  • Employee accounts are disabled after the employee leaves. All these accounts may be continued as guest accounts if requested by a permanent faculty member who sponsors the account.
  • Accounts on a machine where the user has not logged in for more than six months may be disabled.
  • Accounts on a machine where the user has not changed the initial password within one month may be disabled.
  • Any account that is reasonably suspected to be compromised, e.g., accessed by someone other than the user, will be disabled immediately. Accounts with easy-to-guess passwords may be automatically identified and disabled.
  • All accounts may be disabled in the event of a security incident.

Re-enabling Accounts

Disabled accounts and the files in them are kept for one year, unless this presents a disk space problem, and are deleted afterwards. Files from deleted accounts can be recovered from tape backups, though recovery may not be possible after several years. An account that has been disabled and not yet deleted may be re-enabled by creating a new initial password. All rules about password creation, change, and communication apply. It is not possible to set the password to its old value or to a value requested by the user.

Account Use and Access

Standard UC Denver computer use policies apply. Account access from anywhere other than the 6th floor is available only by ssh to math. All users who do not use math for email should forward email to their mail home; otherwise they will miss important system announcements.

Anticipated Changes

A PASSWORD MANAGEMENT SYSTEM HAS BEEN IMPLEMENTED TO ALLOW A SINGLE PASSWORD FOR ALL MACHINES. PASSWORDS ON ALL MACHINES OTHER THAN MATH ARE AUTOMATICALLY CHANGED TO MATCH THE MATH PASSWORDS ONCE EACH DAY. FOR THIS REASON, USERS ARE ASKED TO MAKE ALL PASSWORD CHANGES ON MATH AND TO KEEP THEIR ACCOUNTS ON MATH ACTIVE.


This page last modified Monday, 07-Apr-2008 11:24:43 MDT.
Maintained by the Webmaster.

