Password policies
The following policies apply to password management by the user
- Do not share a password with another person. Never give a password to anyone, including people who claim to be from customer service, help desk or security.
- Do not write down a password on paper, unless this is saved in a secure place that cannot be accessed by other people (e.g., safe); never write down a password electronically, unless access to the password is sufficiently protected (e.g., encryption).
- Do not use the same password for more than one account. A user may have access to more than one HPC facility. In such a case, the user will have the same user name on each of these facilities, but the user is discouraged to have the same password on these facilities.
- Be careful to log off (or lock your sessions) before leaving your own computer unattended.
- Change the password whenever there is suspicion it may have been compromised.
- The user is encouraged to change the password regularly (at least once a year).
- Passwords must be non-trivial.
Any identified violation of password policies will be followed up by the system administrator. This may include progressive sanctions beginning with warnings and result in possible loss of access privileges or job termination. Where confidentiality is mandated by law, e.g., with classified information, a violation of password policy could be a criminal offence.
The password must contain at least three of the four following items:
- One or more lowercase letters
- One or more uppercase letters
- One or more digits
- At least one of the following symbols: !@#&$%^+=-
Additionally, the password must contain 8 or more characters.
Waiting times
From the moment you change or reset your password, you might have to wait till you can log on to the resource. It normally takes up to one hour.
Conditions
The following is required in order to be able to use the automated password reset functionality
- Either an HPC or storage user account. Users with a local user account(s) will have to contact an administrator of the resource where they have the user account in order to reset their passwords.
- The HPC or storage user account must be associated with a mobile phone number as it is used for verification purposes. Missing information can be remedied by contacting UNINETT Sigma2.