University Computing Service

Changing/Choosing Your Passwords

IS6

Changing Your Passwords

Your initial password on each Computing Service System is generated automatically. You should change your password as soon as possible to a non-dictionary word of no fewer than 6 characters, and preferably 8 (or more where systems indicate this is possible). See below for advice on choosing a good password. When changing your password, please allow up to 30 minutes for your new password to take effect.

MCS

  • On the PCs (Windows)
    • Click on the Start menu
    • Hover over All Programs
    • Hover over Account Management
    • Click on Change Password
    • You will be prompted for your old and new passwords
  • On the PCs (Linux)
    • Left click on the Applications menu (in the panel)
    • Scroll up to highlight Account Management then, from the pop-up menu, left click on Change Password
    • You will be prompted for your old and new passwords
  • On the Macintoshes
    • Go to Applications -> Utilities -> DS Account Management
    • Select the Change Password tab and then the Reset DS password... button to open the DS Password Utility window
    • You will be prompted for your old and new passwords
  • By remote access to MCS Linux
    • Log in using SSH (e.g. ssh youruserid@linux.pwf.cam.ac.uk)
    • Type passwd and follow the instructions
    • You will be prompted for your old and new passwords

Hermes

  • Using a web browser go to https://webmail.hermes.cam.ac.uk/
  • Type in your userid and password and click login
  • Click Manage on the top menu bar
  • Click Change Password and follow the instructions

Raven

  • Using a web browser go to http://raven.cam.ac.uk/
  • Click the account management page link
  • Type in your userid and password and click submit
  • Click Change Password and follow the instructions

VPDN

  • Log in to the VPDN as vpdn using SSH (e.g. ssh vpdn@vpdn-admin.csx.cam.ac.uk)
  • Log in using your userid and VPDN password, then select option p

For further help see FAQ N3: What should I do if I've forgotten my password or it doesn't work?

Choosing a Password

For many years there was an effective limit of eight characters for passwords on most systems. This no longer applies to most modern systems, which typically have much higher limits. Because of the way some Windows software handles passwords, there is a considerable security advantage in having passwords of 15 or more characters on Windows machines. On many systems, including modern Windows systems, it is possible to use full sentences (passphrases), which helps with memorability.

Strong passwords

Use a mixture of upper and lower case letters (uppercase on more than just the first or last letter), as well as at least two digits or punctuation characters. Recommended techniques for inventing a strong password you can actually remember include:

  • a pair of unrelated words with punctuation inserted, or a full sentence which is nonsense or is not obvious to anyone but you.
  • the initials of two or more friends (unrelated), with punctuation inserted
  • the first letter of each word in a phrase or song title, with mixed case and punctuation/numbers
  • alternating one consonant and one or two vowels, to create a nonsense word which you can pronounce, and perhaps including this nonsense word in a longer phrase.

Weak passwords

The following types of password should be avoided:

  • null (blank) passwords
  • passwords of fewer than eight characters (preferably go up to 15 or more wherever possible)
  • simple sequences such as qwerty, letmein, welcome, hello, the name of your department or group
  • long passwords which are obvious sentences or well-known quotations
  • anything you would find in a dictionary (in any language or jargon), or any dictionary word slightly modified (e.g. by adding a number to the end, or changing l to 1)
  • any name (including that of a partner, parent, child, pet, literary character, famous person or place)
  • any variation (e.g. backwards, or followed or preceded by a digit) of your own name, your Cambridge user identifier, your username on any other system, your birthday, car registration number or any other personal information
  • any small variation on your existing password
  • your password on another system.
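
The rules in the "Strong passwords" and "Weak passwords" lists can be checked automatically. The following is an added example, not Computing Service code; the function names, the sample word list, the substitution table and the 0.8 similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample list; a real check would load a full dictionary and name list.
SAMPLE_WORDS = {"password", "welcome", "hello", "letmein", "qwerty", "cambridge"}
# Assumed substitution table, generalising the page's "changing l to 1" example.
LEET = str.maketrans("013457@$!", "oleastasi")

def variants(pw):
    """Forms of pw with case, edge digits/punctuation, substitutions and reversal undone."""
    s = pw.lower()
    core = s.strip("0123456789!@#$%^&*()-_=+.,;:?")
    forms = {s, core, s.translate(LEET), core.translate(LEET)}
    return forms | {f[::-1] for f in forms}

def weaknesses(pw, personal=(), old_password=None, words=SAMPLE_WORDS):
    """Return the reasons pw is weak; an empty list means no rule fired."""
    if pw == "":
        return ["blank password"]
    found = []
    if len(pw) < 8:
        found.append("fewer than eight characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        found.append("no mix of upper and lower case")
    if len(re.findall(r"[^A-Za-z\s]", pw)) < 2:
        found.append("fewer than two digits or punctuation characters")
    forms = variants(pw)
    if forms & set(words):
        found.append("dictionary word or slight modification")
    # personal: own name, userid, birthday etc., matched forwards or backwards
    if any(p.lower() in f for p in personal if p for f in forms):
        found.append("based on personal information")
    if old_password and SequenceMatcher(
            None, pw.lower(), old_password.lower()).ratio() >= 0.8:
        found.append("small variation on existing password")
    return found
```

An empty result only means none of these rules matched; it does not detect obvious sentences, well-known quotations or reuse of a password from another system.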

After you have chosen your password

Most people have many passwords and PINs to remember, calling for a difficult compromise between memorability and unguessability. Some suggestions for making strong passwords memorable are above.

  • If passwords must be written down, they should be kept in a non-obvious form; if you store them on a computer system then you should encrypt the file, protected by another (strong!) password.
  • Never leave a handwritten copy lying about
  • Never give your password to other people, however trustworthy you believe them to be (this includes your friends and family)
  • Passwords should be changed at regular intervals
  • Different passwords should be used for different computer systems, so that if your password is cracked the damage may be limited. If you cannot manage unrelated passwords on all the systems you use, minor variations are at least better than having identical passwords.

Further advice and examples are available.

Last updated: July 2010. Last reviewed: October 2011.