"Pass the word, please"

Computing Center Helpdesk Migrates to Automated Password Change System

By Dr. Ty Young, UNIX Systems Administrator

Chances are good that, at one time or another, you've had to go to the Computing Center's Helpdesk offices in the Information Sciences Building, Room 119, in order to request a new password for an account you have on one of our UNIX host systems known as Jove and Sol. Since passwords on our systems are one-way encrypted, we can't look up your old password, so we have to issue you a new password if you've forgotten or lost your old one. You probably know the following scenario all too well:

The Problem

You've received a yellow copy of the 'Password form' containing your userID and a new password that the Helpdesk staff member made up for you, on-the-fly. "Gee," you think, "this password isn't so bad. I can live with it for now. I'll change it later." So you trot off to one of the General Access labs to check your E-mail, buoyant that you've finally got a password that will work.

You try logging in; it doesn't work. After another six hours of waiting, it still doesn't work. You give up and go home. Unfortunately, you managed to leave your "yellow sheet" beside the computer in the lab, so you've now created three problems:

  1. The next person who sits down at the computer you'd been assigned has (or will, when the password change finally does go through) access to everything related to your account: your programming code, your term papers, your E-mail to that guy or girl you met last Friday, etc.

  2. Now you'll have to come back to ISB 119 to get another password, because you've lost the password sheet we gave you before. This has the effect of delaying your ability to E-mail your professor or advisor yet another day.

  3. You've just compromised security on our host systems, because the person who picks up your password sheet happens to know something about UNIX (there are a lot more of them out there than you might think!) and how to exploit vulnerabilities in the operating system. If s/he does this, you're held responsible, because (as we pointed out when you received your account from us) you're responsible for all actions associated with this account. And if s/he actually compromises a system by deleting essential files or entire filesystems, it may take us days to clean up the mess and restore things from tape back-ups, during which time nobody on campus can use their UNT Internet accounts.

Obviously, this is a big issue for you, and for us as well. We tell you when we assign the new password to you that you're required to change your password as soon as possible so that you, and only you, know the valid password for your account. But we sort of get the impression that a lot of you don't do that as quickly as we'd advise. (Of course, if you did change your password as soon as possible after getting the new one from us, none of the three risks above would come into play.)

The Solution

The Helpdesk is using a newly-developed, WWW-based system for changing passwords on UNIX host systems. It's essentially an electronic version of the "yellow sheet", but we've added a few features to the Helpdesk's procedure, in order to serve you better. Here's how it works:
 

  1. You come into the Helpdesk area and tell us you need to reset your password for your UNT Internet Account.

  2. We request your UNT ID card. If you don't have one, you need to get one, because it's official identification that you're connected with the University. Students, full-time and part-time (even hourly) faculty and staff are required to carry one (see "Identification Regulations" at http://www.unt.edu/student/other_rules.htm).

  3. We swipe your card through a card reader we have connected to a couple of machines in the Helpdesk area. By the way, we've done something called 'domain-restricting' to these Web pages to ensure that they're only accessible by the machines in the Helpdesk, and then only by our Helpdesk staff-members.

  4. The system pulls up your accounts, and we ask for which account (if you have more than one, which most of you won't) it is that you'd like to have the password reset. When you tell us, we verify that this account really is yours, and that it's an active, working account.

  5. When we've verified all that with you, we click on a button on the screen, and, seconds later, a page emerges from our printer, displaying your name, username and a new, randomly-generated password.

  6. We tell you that, by accepting this new password, you've agreed to change your password to something that you and only you know, as soon as possible.

  7. Your password is reset, automatically, within 30 minutes of the time you requested the change (usually less!)
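The checks in steps 3 to 5, as an added Python sketch (not the Helpdesk's actual system): the request must come from a Helpdesk machine, the account must belong to the swiped card and be active, and the new password comes from a random source while only a one-way hash is kept. Assumptions: the address range, card and account records, function names, the `temporary` flag, an IP allow-list standing in for 'domain-restricting', and PBKDF2 standing in for the hosts' one-way encryption.

```python
import hashlib
import ipaddress
import secrets
import string

# Constructed sample data; addresses, card IDs and record layout are assumptions.
HELPDESK_NET = ipaddress.ip_network("192.0.2.16/30")  # machines allowed to use the page
ACCOUNTS = {  # card ID -> accounts owned by that card holder
    "card-1001": {"jdoe": {"host": "jove", "active": True},
                  "jdoe2": {"host": "sol", "active": False}},
}
ALPHABET = string.ascii_letters + string.digits


def new_temp_password(length=12):
    """Draw every character from the OS CSPRNG rather than making one up."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def one_way_hash(password, salt):
    """Salted one-way hash: the stored value cannot be turned back into the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def reset_password(client_ip, card_id, username):
    """Return (password_to_print, stored_record); raise if a check fails."""
    # Step 3: only Helpdesk machines may reach the reset page.
    if ipaddress.ip_address(client_ip) not in HELPDESK_NET:
        raise PermissionError("request did not come from a Helpdesk machine")
    # Step 4: the account must belong to the swiped card and be active.
    account = ACCOUNTS.get(card_id, {}).get(username)
    if account is None:
        raise LookupError("account is not owned by this card holder")
    if not account["active"]:
        raise LookupError("account is not active")
    # Step 5: random password; the system keeps only salt and hash.
    password = new_temp_password()
    salt = secrets.token_bytes(16)
    record = {"user": username, "host": account["host"], "salt": salt,
              "hash": one_way_hash(password, salt),
              "temporary": True}  # step 6: must be changed by its owner
    return password, record
```

The plaintext exists only in the return value that goes to the printer; a later login is checked by hashing the typed password with the stored salt and comparing.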

Remember that UNT Computing Center policy (section 4.2.1.d) requires you to change your password as soon as possible after receiving a temporary password from the Helpdesk area. The password should be known only to you. It goes without saying that you should never write down a password: commit it to memory, and destroy any written record of present or previous passwords you have on any system. For help in developing your own password scheme, you might check out our "Password Change Information" Web page.

If you have a question about your UNT Internet account, please contact the Helpdesk at (940) 565 2324 or helpdesk@unt.edu -- or, better yet, stop by in person (ISB 119)! If the Helpdesk group is unable to answer your question, they'll open a trouble call and assign it to an appropriate Computing Center support group, and you will get an answer as soon as possible.