SLAC Computer Security
Password Change Instructions

Because of their open environments, many machines at educational institutions are vulnerable to attack. SLAC users logging in from these open environments or from machines provided by a conference should minimally use Secure Shell software (e.g. the Unix ssh command, Tera Term Pro in Windows) so their passwords are not sent in an unencrypted form. Users attending a conference where a secure login program such as ssh is not available should consider borrowing a laptop from the Help Desk (if you are not familiar with setting up IP addresses and modem properties in Windows, don't leave this until the last minute!).

Because it is impossible to know what software might REALLY be running on a machine in an open environment, it is a "best practice" to change your password after using an open-access machine.

Passwords for accounts at a single institution that have roughly the same level of security (e.g., Unix, Windows) may be the same, and there are reasonable productivity advantages from using the same password for all these systems. The password used for these systems should be different from that used for non-SLAC accounts you may have access to. (Most recent security incidents are the result of having the same password on external accounts which were compromised.)

If you have passwords for Mission Critical Systems (e.g. Accelerator Controls, Business Information Systems), they should be different than any of your other passwords, and it is strongly suggested you use a different algorithm for selecting these passwords.

Password Rules
  1. Password must be 8 or more characters in length.
  2. Password must contain three of the four following character sets:
    • English upper case (A-Z)
    • English lower case (a-z)
    • Numerics (0-9)
    • Special characters such as punctuation symbols (NOTE: do NOT use the 'space' character)

    Examples of bad passwords:

    • Mermaids
    • *vincent
    • 52598134
    • trebor12

    Examples of better passwords (BUT DON'T USE THESE!!!):

    • 1FLsw@2x
    • mK!&2sSt
    • heLp%1mE
    • rot4TioX
  3. A combination of all above criteria would result in a better password (recommended for all users). The password for Windows must contain characters from at least 3 of the sets and must not contain a string derived from your name or userid. For best results, do not place the unusual characters only at the beginning or end of the password. Note that some systems (e.g. VMS and Oracle) may treat upper and lower case characters in the password as the same. There also may be some restrictions on the special characters (Oracle does not allow slash (/), at-symbol (@), ampersand (&), or quote (") in passwords).
  4. DO NOT USE birthdays, names or other passwords which would be easy to guess. The idea is to choose something which does not reside in any dictionary or in any language.
  5. Never write your password down on paper or anything else which could be read by another person, i.e., DO NOT PUT A POST-IT WITH YOUR PASSWORD WRITTEN ON IT AND ATTACH IT TO YOUR MONITOR (or under your mouse pad).

If you have a Unix account, change that password FIRST, then change your password for Windows, etc.

UNIX PASSWORDS

To reset your initial Unix password or change your password:

  1. Go to: https://unix-password.slac.stanford.edu

Note: You can use this form to change your Unix password even if it has expired. (If you can't remember your password you should contact account-services@slac.stanford.edu.)

To reset your initial Unix password or change your password before it has expired:

  1. Log into your Unix shell on a Solaris or Linux system (e.g. flora.slac.stanford.edu or iris.slac.stanford.edu).
  2. Using the criteria above, you can test a password using the command: /usr/local/bin/test_password

mcariola@flora03 $ /usr/local/bin/test_password
Enter password to test (RETURN to exit):
Password is OK

  3. To change the password, type: password

e.g. for logged in account

mcariola@flora02 $ password

e.g. for alternate account

mcariola@flora02 $ password mcariola-a

  4. Follow the prompt to change your password.
  5. If you use the /bin/passwd program, it will not change your login password in most cases -- rather it will claim the old password is incorrect.
  6. The change to the password takes place immediately.

WINDOWS PASSWORDS

To change your password in Windows:

Important: Be sure you are not logged onto a Windows machine in any other location (and do not have scheduled processes running) or after you change your password there will be a conflict causing your account to be locked.

In case something should go wrong and you need help, it is strongly suggested you do NOT change your password just prior to leaving SLAC for the day or weekend.

  1. Log into your account as usual, from a Windows machine.
  2. Once logged in, press the CTRL-ALT-DEL keys all at once.
  3. For Windows XP: Click the "Change Password" button in the dialog box that comes up. For Windows 7: Click "Change A Password".
  4. Follow the prompt to change your password using the criteria above, using TAB or mouse to change fields.
  5. Windows password changes should go into effect immediately.

Do not log in from a Mac to change your Windows password (the change may appear to be successful but could leave you with an old or null Windows password).

Windows users can also change their Windows password using this web page:

https://win-password.slac.stanford.edu

ORACLE PASSWORDS

  • must be at least 8 characters long.
  • may be as long as 30 characters.
  • is not case sensitive.
  • may include
    • Letters A through Z.
    • Letters a through z. (These are treated the same as A through Z.)
    • Special characters.
  • may not include
    • Special characters forward slash (/), at-symbol (@), ampersand (&), space ( ) or quote (").
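
The Password Rules and the Oracle restrictions above, expressed as a checker (an added example, not SLAC's /usr/local/bin/test_password and not code from this page). The function names are hypothetical, the name/userid check is an assumed substring match, and only the mechanical rules are covered, not guessability.

```python
import string

ORACLE_FORBIDDEN = set('/@& "')  # characters the page says Oracle does not allow

def char_classes(pw, case_sensitive=True):
    """Return which of the four character sets from the Password Rules occur in pw."""
    if not case_sensitive:
        pw = pw.lower()  # VMS/Oracle-style folding: A-Z and a-z become one set
    classes = set()
    for ch in pw:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        elif ch != " ":  # the space character is excluded by the rules
            classes.add("special")
    return classes

def check_general(pw, identity=()):
    """Length, no space, 3 of 4 character sets, no name/userid string."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if " " in pw:
        problems.append("contains a space")
    if len(char_classes(pw)) < 3:
        problems.append("fewer than 3 of the 4 character sets")
    # Assumption: "derived from your name or userid" is approximated as a
    # case-insensitive substring match on tokens of 3 or more characters.
    for token in identity:
        if len(token) >= 3 and token.lower() in pw.lower():
            problems.append(f"contains identity string {token!r}")
    return problems

def check_oracle(pw):
    """Oracle limits from the page: 8 to 30 characters, no / @ & space or quote."""
    problems = []
    if not 8 <= len(pw) <= 30:
        problems.append("length outside 8-30")
    bad = sorted(set(pw) & ORACLE_FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(repr(c) for c in bad))
    return problems

if __name__ == "__main__":
    # Inputs are the page's own sample passwords; do not use them.
    for pw in ["Mermaids", "*vincent", "52598134", "trebor12",
               "1FLsw@2x", "mK!&2sSt", "heLp%1mE", "rot4TioX"]:
        print(pw, check_general(pw) or "OK", check_oracle(pw) or "OK",
              len(char_classes(pw, case_sensitive=False)))
```

Run on the page's examples, it shows that two of the "better" passwords are rejected by Oracle (they contain @ and &), and that rot4TioX keeps only two character sets once case is folded.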

To change your Oracle password on the SLAC_TCP instance (which has most of the Oracle user accounts):

You can change a password on the SLAC_TCP system by going to the following URL. You will be prompted for your Oracle account and its current password and offered the opportunity to enter a new password.

https://oraweb.slac.stanford.edu/pls/slac/change_my_password

Note: If you have multiple accounts to change on SLAC_TCP, you will need to completely exit all browsers and re-enter, using the above URL, for each subsequent account.

If you don't know your old Oracle password or your Oracle password has already expired please send an email to db-admin@slac.stanford.edu.

For accounts on other instances of Oracle at SLAC:

You will need to log onto each instance using SQL*Plus and issue the "Password" command.

If you don't know your old Oracle password or your Oracle password has already expired please send an email to db-admin@slac.stanford.edu.

Getting Help

Contact your System Administrator or the CD Account Desk (650-926-2228) for questions on changing passwords.

Owner: SLAC Computer Security
Last Updated: 07/05/2011
Feedback: Please send to Computer Security Feedback