Password Policy

From Compute

LBL Physics Division Linux authentication

If you have an account on a linux computer belonging the Theory Group, the ATLAS group, the SCP group, the SNF group, or the Cosmic Structure Group (George Smoot), your login credentials are managed by a central authentication system.

Lab policy requires that you change this password at least once every 180 days. Note that this password is not in any way related to your LBNL LDAP (email) password. Changing one will not change the other.

You can change your linux password from any workstation you have access to by typing the command 'passwd'

[Note that this system is not NIS, so you should not use 'yppasswd' even if that has been the appropriate command in the past.]

Tips for Choosing a Good Password

Do not use any easily guessed thing. The passwords are checked on a regular basis, if yours fails some simple tests you will be forced to change it. Use at least 8 characters; a mixture of letters, numbers and non alphanumeric characters (such as # or %) is best. Do not use the same passwords on different machines. Do not reuse passwords.

Good passwords can often be generated by choosing a phrase, then using the first letter from each word. The password will be easily remembered, but very hard to guess.

For example, "Don't use this as your password, silly", would generate the password dutayp,s. Note that I've included the comma to make it harder to guess. You may also want to include some simple, easy to remember substitutions, like du7aYp,s, where I've replaced the t with a 7 because they kind of look alike to me, and I've capitalized the "Y" from "your."

Keep in mind that the total space of possible passwords is ~10^16, while the number of entries in the Oxford English Dictionary is ~10^8. This means that the total set of dictionary words and trivial permutations of them is a negligible subset of all possible passwords. Consequently, it is actually quite easy to choose a password that is as good as random. Please take a few minutes to do so.

Questions and comments to Jeffrey Anderson at root(at)