Current Topics

by Bob Thorson

This is a new column which will be devoted to administrative topics. In light of recent events my first article is on security issues.


The first line of defense for user accounts is choosing a good password. A good password simply is something you can remember without writing down and is impossible for someone to guess. A guessable password is anything you'll find in electronic form i.e. a dictionary (English or Foreign), encyclopedias, etc. It is also a good idea when choosing a new password to include abnormal capitalization/control characters and numbers.

If it is absolutely necessary to write down your password, be careful how you do it. Don't put your login name or the machine name on the same piece of paper. Put some other things on the paper that look like passwords. Don't attach the piece of paper to your terminal or keep it in plain view. A locked cabinet is best.

Q: How often should I change my password?

A: As often as you can.

If you only log in from on campus terminals or campus modem connections then once a semester is probably sufficient. If you are logging in from an internet service provider (isp) then you need to change password very often. When you log into a computer from home via an isp, your password is transmitted over the network and is not encrypted until it reaches its destination.

I recommend that if you log in via an isp you use a secure shell program. I am currently using a secure shell client from Data Fellows (see Secure Shell article ... next column) which is available for Windows/Macintosh. Secure shell clients are also publicly available for unix platforms. When using a secure shell the communications link between the secure shell client and server are encrypted.


The next line of defense for your account is awareness of account activity. When you log into the computer the first line you'll see tells you when and from where you last logged in. If it says you last logged in yesterday from some computer in Finland. You should report it immediately (and change your password).


If you see anything abnormal or suspicious you should report it immediately. Send email to and follow this up with a phone call to either 895-1493 (my number), or 895-4153.

[an error occurred while processing this directive]