HP OpenVMS Guide to System Security: OpenVMS Version 8.4 > Chapter 3 Using the System ResponsiblyChoosing a Password for Your AccountTo choose a secure password, use the following guidelines:
Your security administrator may set up additional restrictions, for example, not allowing passwords with fewer than 10 characters. “Secure and Insecure Passwords” provides examples of secure as opposed to risky passwords. Table 3-1 Secure and Insecure Passwords
Typically, when you learn that an account has been created for you on the system, you are told whether a user password is required. If user passwords are in effect, you are told to use a specific password for your first login. This password has been placed in the system user authorization file (SYSUAF.DAT) with other information about how your account can be used. It is inadvisable to have passwords that can be easily guessed. Ask the person creating an account for you to specify a password that is difficult to guess. If you have no control over the password you are given, you might be given a password that is the same as your first name. If so, change it immediately after you log in. (The use of first or last names as passwords is a practice so well known that it is undesirable from a security standpoint.) Log in to your account soon after it is created to change your password. If there is a time lapse from the moment when your account is created until your first login, other users might log in to your account successfully, gaining a chance to damage the system. Similarly, if you neglect to change the password or are unable to do so, the system remains vulnerable. Possible damage depends largely on what other security measures are in effect. At the time your account is created, you should also be told a minimum length for your password and whether you can choose your new password or let the system generate the password for you. |