Department of Engineering

IT Services

Password Security


Members of the Engineering Department will normally have several different passwords. The Computer Passwords web page lists some of the different passwords that you may have, what they are used for and what to do if you forget one of them. Almost all of the passwords you are allocated are for your personal use only, and must not be shared with other people. The main exceptions to this rule are:

  • Cambridge University Engineering Department PINs:
    • primarily intended for use by the individual to whom they are allocated (the account owner)
    • they are only used to control access to less important facilities, and may in some circumstances be shared (e.g. a secretary may act on behalf of her/his manager).
    • All use remains the responsibility of the account owner.
  • Non-personal role accounts: these are accounts which give access to specific computer facilities, and are intended to be shared by a small group who perform the same function. The most common role accounts in the department are Hermes role accounts, which provide access to shared mailboxes.

How can I take care of my password?

"Some of these points seem obvious, but people are caught out by all of them."

 
  • If you were given an initial default password, change it as soon as possible. Different systems set different initial passwords, but they are usually either designed to be very unmemorable or trivially easy to guess.
  • Do not give it to anyone else or write it down where others may find it. If it is a non-personal password that is intended to be shared, then only share it with the group who need to know it, and change it whenever anyone leaves the group.
  • Keep any computer you use up-to-date with anti-virus and other anti-malware software. This will minimise the chance of a password being snooped from your own computer. For further information contact pc-support.
  • Try to avoid typing your password on untrusted computers (e.g. in internet cafes). If you really need to use an untrusted computer, change the password as soon as you can get access to a trustworthy computer.
  • Use different passwords on different systems. This limits the damage if one does become compromised, and means that if you decide you want to risk reading your email from an internet cafe you aren't exposing other accounts.
  • If you log in from home, make sure your home computers are kept up to date with system fixes and anti-virus and other anti-malware software.
  • If you log in from other universities or companies, keep alert to any security problems they may warn you about. If they have a problem, you may need to change any password you have used from their system.
  • If you have any concerns about your password, change it. For details on changing Engineering Department passwords see either Operators Top Tips or Setting a new CUED password. For details on changing passwords managed by the Computing Service see Changing/Choosing Your Passwords.
  • Choose a good password: one that is hard to guess but memorable to you. Some guidelines are available from the Computing Service and at the end of Setting a new CUED password.

Why should I take care of my password?

Some people have said: "why should I bother to take care of my password? I don't have anything that I care about in my account!".

  • The following are all things that have happened to people in our department whose passwords have been compromised.
    • The account was used to send out large amounts of junk email. You are likely to get large numbers of bounce messages swamping your email, and you may find your mail address blacklisted from sending mail to certain sites. It may also damage the reputation of the department.
    • The settings of the account were changed so that a copy of every email received by the account owner was forwarded to someone else.
    • The settings of the account were changed so that either some or all emails were thrown away before being seen.
    • The account was used to break the security of the teaching system, and attack further accounts, which were then used to attack other systems in the university and elsewhere.
At best, compromising your password will be a temporary inconvenience to you.
At worst, it could inconvenience and embarrass both you and the department.