Members of the Engineering Department will normally have several different
passwords. The your computer passwords page lists some of the different passwords that
you may have, what they are used for and what to do if you forget one of them.
Almost all of the passwords you are allocated are for your personal use
only, and must not be shared with other people. The main exceptions to this
rule are:
Cambridge University Engineering Department
PINs.
Although these are
primarily intended for use by the individual to whom they are allocated
(the account owner), they are only used to control access to less important
facilities, and may in some circumstances be shared (e.g. a secretary may
act on behalf of her/his manager). All use remains the responsibility of
the account owner.
Non-personal role accounts: these are accounts which give access to specific computer facilities, and are intended to be shared by a small group who perform the same function. The most common use of role accounts in the department are
Hermes role accounts which provide access to shared mailboxes.
How can I take care of my password?
Some of the following points may seem obvious, but people have been
caught out by all of them.
If you were given an initial default password, change it as soon
as possible.
Different systems set different initial passwords, but they are usually
either designed to be very unmemorable or trivially easy to guess.
Do not give it anyone else or write it down where others may find it.
If it is a non-personal password that is intended to be shared then only
share it with the group who need to know it, and change it whenever anyone
leaves the group.
Keep any computer you use up-to-date with anti-virus and other
anti-malware software. This will minimise the chance of a password
being snooped from your own computer. For further information contact
pc-support.
Try to avoid typing your password on untrusted computers (e.g. in
internet cafes). If you really need to use an untrusted computer change
the password as soon as you can get access to a trustworthy computer.
Use different passwords on different systems. This limits the damage
if one does become compromised, and means that if you decide you want to
risk reading your email from an internet cafe you aren't exposing other
accounts.
If you log in from home make sure your home computers are kept up to
date with system fixes and anti-virus and other
anti-malware software.
If you log in from other universities or companies keep alert to any
security problems they may warn you about. If they have a problem you may
need to change any password you have used from their system.
Some people have said "why should I bother to take care of my
password? I don't have anything that I care about in my account!". So
what can go wrong if someone else gets your password? The following
are all things that have happened to people in our department whose
passwords been compromised.
The account was used to send out large amounts of junk email.
You are likely to get large numbers
of bounce messages swamping your email, and you may find your mail
address blacklisted from sending mail to certain sites. It may also
damage the reputation of the department.
The settings of the account were changed so that a copy of all
emails received by the account owner were forwarded to someone else.
The settings of the account were changed so that either some or
all emails were thrown away before being seen.
The account was used to break the security of the teaching system,
and attack further accounts, which were then used to attack other
systems in the university and elsewhere.
At best a compromise of your password will be a temporary
inconvenience for you, at worst it could seriously inconvenience and
embarrass both you and the department.
