Password and Account Security
This document describes the mutual obligations and responsibilities of the users and managers of the Mount Holyoke College communications computer system.
All users of the computer systems and the network agree to abide by the "Acceptable Use Policies" of Mount Holyoke College and the wide-area networks to which we attach. The current policies are presented in this document. The wide area network policies are available on line. Computing and Information Systems (CIS) also uses the computers to provide other important information and announcements.
This document concentrates on the main communications system, but many parts are applicable to the use of the network and other computer systems as well.
Because this document is, in part, a guide for the computer user, the term "you" refers to the computer users and "we" refers to the full time staff of Computing and Information Services (CIS).
The major sections in this document are:
- Computer Accounts
- Acceptable Use Policies
- Password and Account Security
- Electronic Mail Privacy
NOTE 11/21/95 This document could use some more work since the OIS has been developed. In particular, information from the "homepage" command should be included in here.
NOTES from Regina 8/10/94: Adjudication: good comments about not all violations being malicious Bring work on honor code into line with this document and vice versa and have acceptable use policies consistent with code. Need words about "students being bound by both the academic and social honor codes with respect to acceptable use policies"
Notes from Georgia:
Network should be used only for purposes that benefit the university system.
Transmission of any material in violation of any U.S. or state laws or regulations is prohibited.
Users are expected to be responsible in their use of the network. They should avoid actions that cause interference to the network or the work of others on the network.
The network should not be used for commercial traffic, other than that related directly to the operation of the university system.
Accounts on the computer systems
The Mount Holyoke College communication computer system called "mhc.mtholyoke.edu" (or MHC) is considered a communications resource for the college community. This system contains a superset of accounts for other, non-administrative UNIX-based systems on the network. Other UNIX-based system should acquire user account information from this system.
A computer account is referred to by its username. Each individual is provided with a single username which uniquely identifies them. This username is public information and is the mechanism by which individuals access the computer systems and receive electronic mail. Information you store, mail you send and receive, and other uses of the computer system are done under your username, i.e., your computer account.
Access to your account is protected by a password. This password should be kept strictly secret. One of the conditions of the computer account is that you do not provide access to the Mount Holyoke College computer system(s) and network to anyone else by allowing them to use your computer account.
There is currently no charge for computer use. This does not preclude the introduction of charges for specific kinds of computer accounts or services.
There are charges for resetting forgotten passwords.
Eligibility for Account
Accounts are provided to individuals only. Accounts are not granted for access by more than one person. For groups wishing to share information, the standard UNIX group mechanism will be used. Groups are formed for specific academic or administrative purposes only.
Internet access is becoming a valuable commodity. There are many commercial vendors who are selling Internet access to the public. The College is taking steps to not compete with these commercial ventures.
Our software licensing precludes us from providing accounts to anyone not affiliated directly with the college. We have used a very broad definition of affiliation in our categories of account.
The eligibility for an account depends on your relation to the College. According to this relation, an account would fall into one of several categories.
Category of Account
All computer accounts provide the same kinds of access to system resources and there are no restrictions in access. The granting of accounts, however, falls into two categories:
- Regular accounts All Mount Holyoke students, faculty, staff, and emeriti.
- Courtesy accounts All other accounts are provided as a courtesy and include the following categories:
- Spouses of the holders of regular accounts.
- Dependent children of the holders of regular accounts. It is necessary to obtain parental consent, and parents must understand that such accounts have the same access to Internet information as any other account. In other words, parental discretion is advised.
- Five College employees. (Five College students are categorized as Mount Holyoke students for the duration of their affiliation for course work and are given special short-term accounts.)
- Graduated Alumnae -- must provide current address and telephone information.
* Special affiliation with the college -- includes affiliations because of grant or research relations, certain K12 school affiliations, or former account holders with special needs to retain college affiliation (such as former faculty). Determination of special affiliation is done on a case-by-case basis.
* Visiting faculty -- Faculty from other institutions visiting the Five-College area on a temporary basis may be granted special accounts for the duration of their stay. * Guests -- special short-term accounts are provided for guests or individuals with unique needs to use the system for a short period of time. These are granted on a case-by-case basis for a specific time period.
This section does not attempt to define all categories that might not qualify for accounts, but questions have arisen with sufficient frequency that some categories may be specifically addressed.
- Family members other than dependents. (Dependents require parental consent.)
- Businesses that the College interacts with. There are commercial Internet providers that will allow businesses to work with us over email.
- Members of the South Hadley community that do not qualify for accounts in the categories above.
Duration and Expiration of Account
The duration that the account is valid and when that account expires depends on the kind of account and the activity of that account.
Type of Account
- Faculty/staff Accounts are valid for the term of employment. These may include 5-College employees.
- Student These are valid until graduation. However, for as long as we can extend the service, student accounts may be continued year by year for the purpose of electronic communication. Yearly reapplication in writing will be required. Extensions are not granted for accounts that have been used by someone other than the person to whom it was originally issued.
- Short-term accounts
- Those accounts provided for special-purpose programs are valid for the duration of the program only. Examples: A summer research program, a Five-College class account.
Other courtesy accounts Barring other changes, these accounts are good for as long as the relation with the College does not change from the time the account was granted.
Normal Expiration of an Account
It is the responsibility of the account owner to save all information on accounts PRIOR to the end of the term of the account. Our system backups are designed for the recovery of data in the event of system malfunction and we do not provide an archive service for old data or expired accounts.
Expiration Due to Inactivity
A special case of expiration is when an account has been inactive for some period of time.
Accounts which have been inactive for some period of time (currently one year) will expire unless the individual has made arrangements to keep the account. If your account is going to be inactive, you should make sure that all needed information is copied from the account to your own storage media.
Shorter periods of inactivity also require special attention. If an account is inactive (e.g., summer vacation), you must remove yourself from all mailing lists. If the system mail folder grows too large (over a megabyte) and the account is inactive, the account will be REMOVED to prevent mail from accumulating. Reinstatement of a removed account is more involved and takes longer than reinstating a "locked" account.
Disposition of account information after termination or expiration
Validation of Account
To insure that the account is needed, is being used by, and only by, the individual to whom it is assigned, periodic validation will be required. Validation normally will be on a yearly basis, but earlier validation may be required if it is suspected that the account is being used by someone other than the owner.
For regular accounts owned by faculty, staff, or students, the name in the MHC phone directory is generally considered validation, and, conversely, the absence of the name in the phone book is considered to "invalidate" the account unless other arrangements have been made.
For other accounts, validation involves verifying and/or updating records of the current postal address and telephone number of the account owner.
Denial of Access
The denial of access to the system can take several forms:
This is a temporary deactivation of an account pending the individual coming to speak with the computer staff. The purpose of a lock is to ensure that the account is not used until the individual has been in contact with the staff. Reasons include such events as the account being apparently compromised, the account being used in a way the jeopardizes the operation of the system, or non-responsiveness to system- related questions posed by system management, or other violations of the acceptable use statement. An example: password too simple and easy to guess; other possible or potential security violations including allowing anyone else to use the account; excessive use of system resources that adversely affects other users; inappropriate use of local system or network resources (see below).
An account may be suspended pending other disciplinary or investigative action where there is evidence of continued improper use of the system, or where the continuation of computer access poses a risk to the operation of the system or a risk to the institution. In no case should suspension be used as a disciplinary tool.
Under special and unusual instances, suspension may be made permanent and access to the computer system may be permanently revoked.
The suspension or revocation of a regular account must be done in consultation with and approval of existing campus authorities with the management of Computing and Information Systems. The appropriate campus authorities differ depending on the status of the individual in question: * Students: Dean of Students office * Faculty and Emeriti: Dean of Faculty office * Employees: Immediate supervisor and/or department head, Senior Staff member. In all cases, a suspension or revocation of a regular account may be appealed to the Executive Committee on Computing.
The suspension or revocation of a regular account will not be used as a disciplinary action.
Courtesy accounts are not subject to the rights of continuance that are afforded regular accounts. Reasons for giving courtesy accounts may change and thus the reason for the continuation of a courtesy account may change. These accounts are provided at the discretion of the management of Computing and Information Systems.
Disposition of accounts after termination
While backups have been mentioned in other sections, a more detailed description is provided here.
Backups on MHC (the communications computer) and KC (the general file campus file server) are done to minimize the risk of data loss in the event of a catastrophic disk failure. Backups are not done for user-archival purposes or accidental file removal by users, although the normal system backup can, by happenstance, fulfill an occasional need for that function. Theoretically, in the event of a computer failure, it is possible to recover all information stored in a computer at the time of the last backup. There are, however, occasional problems with these restorations which can result in lost information.
Backups are done late each night on "live" systems. This method incurs some risk since it is possible that a file that is changed during the backup process may be unrecoverable. The alternatives, however, either require the system to be unavailable for users or a great deal of money to be spent on other disk technology.
Users are responsible for maintaining their own multiple, current back-up copies of their material. This is usually done on floppy diskettes. High speed network connections that facilitate copying to diskette are available in Academic Computing Labs, though filenames may need to be altered so as to be compatible with the desktop computer used (i.e., DOS, Macintosh).
Users with special backup needs should consult with CIS. This is especially important for those with high-volume research requirements.
Privacy and Security
CIS will take reasonable means to assure the privacy and security of information on the system. There is a separate section devoted specifically to the privacy of electronic mail.
Files, like electronic mail, are generally private. Your HOME directory contains, however, some "dot" files which have to do with login processing which the system managers must have access to. Some of these files are: .rhosts, .profile, .cshrc, .login, and .logout. This topic is covered in more detail in the section on electronic mail privacy.
The contents of files stored on the computer system will be released to others only if required by state or federal regulations or College policy.
Great efforts are made to maintain system security. Perfect security cannot be guaranteed and computer systems can be broken into. While the probability is very low, one should be aware of the possibility when storing information.
By secure we mean that the information stored in the computer will be safe from unauthorized access, and that CIS won't lose the information. It is important to realize that we cannot make these guarantees absolute. Users have a variety of levels of security available, and must choose the level appropriate for their own information.
The security and reliability of the system can interact and be in conflict with issues of privacy. We are committed to maintaining privacy and system security and reliability. Compromises are necessary to accomplish these goals. Therefore, in unusual circumstances, some files may be inspected by the system managers:
- Files that are being run as programs that are consuming large amounts of system resources may also have to be examined by the system managers. In this way it can be determined whether the program should be unconditionally terminated or whether it is operating normally and can be left running.
- Files may be examined if there appears to be a clear threat to system integrity, such as files growing in size without apparent reason, recursive directories, or extremely large files (more than a few megabytes).
- In all cases, the examination will be minimal and just sufficient to determine whether a threat or problem exists, and all information in the file will be treated as confidential.
Users have at their disposal system tools for changing the security of their files. Computer accounts are initially set up to provide only the individual with file access. Individuals can alter these conditions to provide others with more free access to files, and this is solely under the control of the individual user.
To a large extent, issues of system security, efficiency, reliability, and privacy are the reasons that there are acceptable use policies and restrictions on what you can do on the system. In this, behavior codes on a computer system are not much different in intent from behavior codes in other aspects of life.
Acceptable Use Policies
As a user of the computer system, you are a member of a larger community. Actions you take have an effect on others. For example, excessive use of disk resources or computer time can negatively affect others' use of the system and will have to be curtailed unless special and valid reasons are given. (It is usually the case that occurrences of these problems are accidental.)
As a user of this computer system, you are also a member of a world-wide community of computers. The wide-area networks were established primarily for academic and research purposes. However, it is recognized that any communication with those at other colleges or research institutions may have indirect academic purposes. By using the networks for fun, you will be learning how to use them for academic purposes also.
As in any community, there are rules and guidelines for acceptable behaviors on the computer system. You are responsible for understanding what is appropriate behavior on the computer systems and networks. The ones given here augment statements of acceptable behavior published elsewhere by the College and are more specific to computer systems.
The continued reliable and pleasant operation of the computer system rests to a large degree on the users of the system. Responsible users are necessary if we are to provide reliable services. CIS computer systems are not immune to tampering. CIS relies on all individuals to refrain from deliberate attempts to abuse the systems. If you are in doubt about something you would like to do, please ask in advance.
Accidents or errors in judgment happen to us all. We know that not all violations of acceptable use are intended. Even if intended, most are not malicious in nature. However, for the good of the community, we may need to act swiftly.
Violation of the acceptable use policies can result in the temporary locking of your account pending discussion with appropriate computing staff. Continued or clearly intentional violations will result account suspension and disciplinary action in conjunction with the appropriate campus office.
In the following paragraphs we present some of the acceptable and unacceptable behaviors on the network and the computer systems. It is important to realize that these range from College policy to the policies of the wide area networks to which we connect. There are some behaviors that are criminal and violation can lead to state or federal prosecution.
1. Mail and communications
1-1. Mass mailings are not permitted. We do encourage active use of the mail system for all sorts of communications, however. This is usually done between individuals or specific groups. Mailing a message to all the members of a class you are in (e.g., Psych 220) does not constitute a mass mailing; attempting to mail to the entire Senior Class or the entire faculty would be considered a mass mailing. The latter would result in too much disk space being used and not reclaimed if many of the individuals did not check (and delete) their mail. Please use judgment in the ambiguous areas. If in doubt, check with the appropriate staff of computing.
1-2. Participation in chain letters is not permitted. Do not save or send chain letters. You may send a copy to the system managers to help prevent their spread. Participation in chain letters results in tremendous waste of system resources. It also is against wide area network policies and puts our connections to the wide area networks at risk.
1-3. The use of the system for political purposes is not permitted.
1-4. The use of the system or network for commercial purposes is not permitted.
1-5. No advertising of any kind by mail. This includes sending out multiple copies of your resume to unknown individuals. There are other methods (netnews) for public announcements and advertising.
2. The system as a community
2-1. Do not inconvenience or be obnoxious to other users.
2-2 Many users of this and other systems use the computer for their day to day work. It can be distracting and obnoxious to obtain unsolicited mail or other messages from strangers.
2-3 Resources are limited, and shared by many individuals. Do not obstruct this work by consuming gratuitously large amounts of system resources (disk space, CPU time).
2-4 Do not continue any attempt at communications with someone who has indicated that communication is not desired. After someone has indicated that communication is not desired, continued attempts are considered harassment.
3. Recreational computing
3-1. The use of talk, irc, connections to muds, etc. is not supported, but it is also not prohibited.
3-2. Be aware that there are limited connection resources to the system (limited modems, limited seats in public computer labs, etc.) and do not abuse others who need the system for work or academic purposes by using the limited system resources for recreational computing at times of high system load.
3-3. Do not waste system resources by having your own copies of programs that are available on the system. While we do not actively support them, we do obtain them and put them on the system.
4. Security and unauthorized access
4-1. No use for illegal or criminal purposes.
4-2. Do no attempt to gain unauthorized access to any other system. Unauthorized access to systems or information is against College and wide area network policies. In some circumstances unauthorized access can result in prosecution under state or federal statutes.
4-3. Users should only access information that belongs to them, is permitted to them, or is public. Users must not attempt to decode, crack, or discover passwords that belong to others.
4-4. Any user who finds a possible security hole is obliged to report it to the system administrators. If you're not sure, report it, don't try to use it.
4-5. Users are responsible for all use of their accounts, including choosing safe passwords and ensuring file protections are set correctly.
4-6. Sharing passwords is not permitted. Your account is for YOUR USE ONLY. Do not lend out your password or allow others to gain access to your account. Even if you feel there is nothing private in your account, unauthorized use of your account can potentially compromise the security of the system. Again, your account is not to be used by others. NEVER give your password to anyone else!
4-7. Avoid the use of .rhosts. This is a file that allows others to enter your account WITHOUT a password.
4-8. Maintain good passwords. Having a password that is easy to guess is like giving MHC system resources to strangers. We are obligated to attempt to find passwords that can be guessed by standard, public domain programs. If a password can be guessed this way, you will be asked to change it or, if the account has been inactive, the account will be locked and you will need to contact us (usually in person) to get the account unlocked.
4-9. All users should be on notice that the system administrators do periodic security checks of the systems, including password checks.
Password and Account Security
- Password scams
- How to change your password
- Brief guidelines on password selection
Note: passwords can only be changed when logged into one system.
Currently you must be logged into AXIS to change the password. In the future, again it will become MHC that the passwords will be changed on. The change will take place on other systems within about 30 minutes. Administrative computing systems such as the AS/400 and VAX have independent password systems.
A common scam is for someone offsite to send a forged email message that apparently comes from our system administration. This email message tells the person to change their password to some known setting. This is a scam. There is NEVER any reason for you to be told to change your password to anything that is known by anyone else. No normal system manager would tell you anything like this. For additional information, please enter: see pwscam or see pwscam2
To change your password, enter the command: password or preferably: password -a
You will be prompted for information.
For security, your response is not printed on the screen.
"password -a" provides some suggestions for random passwords that may still be pronounced. For security, passwords should be at least 6 characters in length. More than eight characters is superfluous.
Avoid obvious words or information about yourself (names of children). They should be changed every semester or so, or if you feel someone
may have obtained your password. They should be kept confidential.
READ CAREFULLY THE SECTION BELOW ON SELECTING A SECURE PASSWORD!
Passwords are an entry into an individual's confidential (perhaps) information. If you accidently obtain someone's password, you should
inform the person that you obtained it and how, but you should UNDER NO CIRCUMSTANCES USE THAT PASSWORD.
Your account is for YOUR USE ONLY. You should NOT give your password to anyone else. You should choose passwords that are not easy
to guess (see below).
You should never give anyone your password for any reason. There is NO legitimate reason for anyone asking for your password.
You should NEVER enter your password to the computer system at anytime other than the normal login sequence. NEVER enter anything like your account password in email or when in "talk", "irc", or anything else. It can be captured and distributed to the Internet!
Unauthorized use of your account can compromise the entire system. You might not think that someone gaining access to your account matters, but that can provide a "foothold" for someone to gain access to other accounts. It does matter, if not to you, to others!
Suggested reading: "The Cuckoo's Egg".
Some brief guidelines for selecting a secure password:
Passwords to AVOID:
Never use any part of your name, department, phone numbers, or anything else that is contained in your account information or .plan or .project files. This information is public to the world and is used as a first line of attack on a system.
- Never use a word that is in any way related to a dictionary word (English or otherwise). Sticking a number in the word does not make it secure. Neither does sticking a punctuation mark in the word, though random punctuation marks can help. For example: the following are insecure and can be guessed by password cracking programs:
p0rt1a pr1nce c00kie g0nz0 weird? 2absolut iceiceNever use a password that is in any way related to a name slang phrase, or common misspelling.
- Never use a common pattern of numbers or keystrokes. "qwerty" and "123456" will be guessed in a very brief time.
- Reversals are no good: anything written backwards is also easy to guess. For examples: yeliab srehto
- Avoid passwords that some other clever individual thought was a good password.
What's left to use?
This is harder to describe than what to avoid. The "password" program when used like this: password -a will provide suggestions for random letters that almost sound like words. Use with care -- the suggestions are not always perfect and we have seen actual words appear. Not good!
Random patterns of letters that have meaning for you alone are good choices. These can be formed in a number of ways (as long as you don't accidently form a word or word fragment):
- The first two letters of the names of your three favorite authors A title such as _War and Peace_ could create: waanpe
- Make up a phrase: "my couch is red and ugly" which creates: mcirau Take this BASE password and put punctuation and/or numbers in them to increase security. Good non-letter characters to use are: , . / ; ' - mci.raw waa1npe- Then make at least one letter in the middle an uppercase letter: mcI.raw waa1nPe- The capital letter significantly increases the security. As long as you can remember the BASE of the password, it is easy to permute it and recall it easily.
For additional information, enter: see account or see conditions
To see a list of passwords that have been found to be bad at MHC over the last few years, enter: see password.bad
Electronic Mail Privacy
When using the electronic mail system, you should be aware of the conditions under which your letters are reasonably secure and private and the conditions under which it is possible that mail be read by someone other than the intended recipient.
First an important point: While it is true that the system managers of any system have access to any files, it is the policy of Computing and Information Systems at Mount Holyoke College that this needs to be brought in line.... unauthorized access to such files is ABSOLUTELY PROHIBITED. Infractions of this policy will not be tolerated. This includes not only the system managers, but anyone else who might inadvertently gain access to another individual's account. Inadvertent access to another user's account does not justify violating that user's file privacy.
When is it possible that mail might be read by other than the intended recipient?
- System errors: The only example we know of so far have been occasions in which the system has taken the address "." (typed in error) and sent the message to a random user. This has been corrected (1988).
- User errors: Mail to a non-existent user (caused by typos or incorrect usernames) is usually returned to the user but occasionally the system can't determine the source. In such a case the message is returned to the "postmaster" account for manual processing. The postmasters are the system managers of a system. Such messages are scanned by the manager to see if the recipient can be determined. If so, the message is forwarded along. In such a process, a message, or part of it, might be read to determine the recipient. Addressing errors are more likely on inter-campus messages, e.g., via BITNET, and such incorrectly addressed mail is almost always sent to the postmaster at the recipient's computer.
- Alias and distribution list errors: Errors in setting up a distribution list or using an incorrect "alias" may result in mail being sent to an unintended recipient.
- Off-campus mail: BITNET message have a higher probability of being read by others. BITNET is a "store and forward" network. Mail is sent from computer to computer. There is a time in which all messages temporarily reside on each computer on the way to its destination. While it should not occur, it is possible for a message to be read by a system manager while on that computer. In practice this rarely occurs except for extraordinary circumstances, i.e., if a system has problems with its delivery systems, the postmaster or system manager must intervene and attempt to send messages along "by hand."
Do you really have to worry? In practice, once you have correspondence going with an individual, there is rarely any occurrence of a message going astray. It is usually only in the beginning when people are trying to figure out the proper addressing schemes for each other that messages get bounced to the postmaster. The probability of premeditated intrusion on the various BITNET intermediate nodes is virtually nonexistent since most sites have policies of privacy as we do.
We recommend that confidential or potentially embarrassing material not be sent by electronic mail