|
|
The system manager can allow you to select a password on yourown or can require that you use the automatic password generatorwhen you change your password. If you select your own password,note that the password must follow system restrictions on lengthand acceptability (see Observing System Restrictions on Passwords). For example, if your password choice is too short,the system displays the following message:
%SET-E-INVPWDLEN, invalid password length - password not changedChoosing a Password for Your Account providesguidelines and examples for specifying secure passwords.
There is no restriction on how many times you can change yourpassword in a given period of time.
Selecting Your Own Password
If your system manager does not require use of the automaticpassword generator, the SET PASSWORD command prompts you to enterthe new password. It then prompts you to reenter the new passwordfor verification, as follows:
If you fail to enter the same password twice, the passwordis not changed. If you succeed in these two steps, there is no notification.The command changes your password and returns you to the DCL prompt.$
SET PASSWORDReturn
New password:
Verification:
Even though your security administrator may not require thepassword generator, you are strongly encouraged to use it to promotethe security of your system. Using Generated Passwords describes how to use generated passwords.
Using Generated Passwords
If your system security administrator decides that you mustlet the system generate the password for you automatically, thesystem provides you with a list of password choices when you enterthe DCL command SET PASSWORD. (When the system does not requiregenerated passwords, add the /GENERATE qualifier to SET PASSWORDfor a list of password choices.) The character sequence resemblesnative language words to make it easy to remember, but it is unusualenough to be difficult for outsiders to guess. Because system-generated passwordsvary in length, they become even more difficult to guess.
The password generator uses basic syllabic rules togenerate words but has no real knowledge of any language. As a result,it can unintentionally produce words that are offensive. |
$
SET PASSWORD
Old password:Return
[1]
cigtawdpau cig-tawd-pau
[2]adehecun a-de-he-cun
ceebatorai cee-ba-to-rai
arhoajabad ar-hoa-ja-bad
Choose a password from this list, or press Return to get a new list
[3]
New password:Return
[4]
Verification:Return
[5]
$
[6]
The preceding example illustrates the following: One disadvantage of automatic password generation is the possibilitythat you might not remember your password choice. However, if youdislike all the password choices in your list or think none areeasy to remember, you can always request another list.
A more serious drawback of automatic password generation isthe potential disclosure of password choices from the display thecommand produces. To protect your account, change your passwordin private. If you perform the change on a video terminal, clearthe display of password choices from the screen after the commandfinishes. If you perform the change in a DECwindows environment,use the Clear Lines Off Top option from the Commands menu to removethe passwords from the screen recall buffer. If youuse a printing terminal, properly dispose of all hardcopy output.
If you later realize that you failed to protect your passwordin these ways, change your password immediately. Depending on sitepolicy or your own judgment concerning the length of time your accountwas exposed, you might decide to notify your security administratorthat a security breach could have occurred through your account.
Changing a Secondary Password
To change a secondary password, use the DCL command SET PASSWORD/SECONDARY.You are prompted to specify the old secondary password and the newsecondary password, just as in the procedure for changing the primarypassword. To remove a secondary password, press the Return key whenyou are prompted for a new password and verification.
You can change primary and secondary passwords independently,but both are subject to the same change frequency because they sharethe same password lifetime. See Password and Account Expiration Times for information on password lifetimes.
Changing Your Password As You Log In
Even if your current password has not yet expired, you canchange your password when you log in to the system by includingthe /NEW_PASSWORD qualifier with your user name, as follows:
Entering the /NEW_PASSWORD qualifier after your user nameforces you to set a new password immediately after login.WILLOW - A member of the Forest Cluster
Username:
RWOODS/NEW_PASSWORD
Password:
Welcome to OpenVMS on node WILLOW
Last interactive login on Tuesday, 7-NOV-2001 10:20
Last non-interactive login on Monday, 6-NOV-2001 14:20
Your password has expired; you must set a new password to log in
New password:
Verification:
|
|