Once a user has obtained a user account on any of the HPC or storage facilities, the user will be given a user name and password for this account. User accounts are strictly personal. It is not permitted to share your user account with someone else. It is the user's responsibility to secure the confidentiality of the password.
The following policies apply to password management by the user
- Do not share a password with another person. Never give a password to anyone, including people who claim to be from customer service, help desk or security.
- Do not write down a password on paper, unless it is saved in a secure place that cannot be accessed by other people (e.g., safe); never write down a password electronically, unless access to the password is sufficiently protected (e.g., encryption).
- Do not use the same password for more than one account. A user may have access to more than one HPC facility. In such a case, the user will have the same username on each facility, but the user is discouraged from having the same password.
- Be careful to log off (or lock your sessions) before leaving your computer unattended.
- Change the password whenever there is suspicion it may have been compromised.
- The user is encouraged to change the password regularly (at least once a year).
- Passwords must be non-trivial.
Any identified violation of password policies will be followed up by the system administrator. This may include progressive sanctions beginning with warnings and result in possible loss of access privileges or job termination.
Where confidentiality is mandated by law, e.g., with classified information, a violation of password policy could be a criminal offence.
The password must contain at least 3 of the 4 following items:
- One or more lowercase letters
- One or more uppercase letters
- One or more digits
- At least one of the following symbols: !@#&$%^+=-
Additionally, the password must contain 8 or more characters.
Waiting times
From the moment you change or reset your password, you might have to wait until you can log on to the resource. It normally takes up to one hour.
Conditions
The following is required to be able to use the automated password reset functionality:
- Either an HPC or storage user account. Users with a local user account(s) will have to contact an administrator of the resource where they have the user account to reset their passwords.
- The HPC or storage user account must be associated with a mobile phone number as it is used for verification purposes. Missing information can be remedied by contacting Sigma2.