From the KnowledgeBase
Computer Passwords at Princeton University
Why do we need computer passwords?
NetIDs and passwords are used to identify you to a computer system. You need to identify yourself to ensure that only you have access to your own private information, to ensure that only authorized people gain access to licensed programs and systems that are restricted to specific people, and to protect the entire University network from access by unauthorized people. If someone obtains your password it may compromise all computers on the University network.
How do I get a netID and password initially?
OIT assigns you a University netID and a University password. The netID will work on all computer systems that most people will use at the University, and it is expected that you'll keep the same netID for as long as you are employed and/or enrolled at Princeton. The password you are assigned will work for many common systems such as e-mail and the Web, but not all systems. Your initial password may be very easy to guess. Therefore, recently we have required that you change it to something that only you know and that is very hard to guess, before you use it to access information. OIT will help you do this, but not even OIT will know your password once you change it. Please see www.princeton.edu/puaccess to set your security profile, select a secure password, and turn on your account.
Why is an insecure password dangerous?
Some systems allow passwords that are easy to guess such as your birthday, your name, or common English words. While you might think that it would take a long time to guess a rare word, such as 'mimesis,' those trying to guess passwords use computer systems that in seconds can try every word in a large dictionary. Also, many systems move your password over the network in a way that allows other determined people to see it. For helpful information on how to create a strong password, see kb.princeton.edu/2762.
What happens if someone discovers my password?
The obvious result is that someone would get access to your e-mail and to all the systems you are authorized to use. If you can use the purchasing system, HR system, or any other system, a person with your netID and password can do everything on their computer that you could do on your computer. A person with your password could also pretend to be you, for example sending e-mail that you would never send.
Worst of all, your computer is trusted by the University computer network. If someone gains access to your computer they are a threat to all computers at Princeton. Many hackers who break into a computer will use it as a launching pad for attacks on computers inside and outside Princeton University. Any insecure computer is a threat to all of us.
Who is responsible for computer security?
We all are. While OIT can modify computer systems and create policies, ultimately every user of a computer on Princeton's network can make it easy, or difficult, for their computer - and therefore the entire network - to be compromised. We will only have a secure computer network if all of us work together to make it that way.
- To find your netID, go to the Online Campus Directory and enter your name.
- To set your security profile and secure your password, use PUaccess.
- For a technical, but very useful, overview of computer security issues at Princeton, see: www.princeton.edu/informationsecurity
- For more information on ISPs (Internet Service Providers) go to: www.princeton.edu/remote