Password Strength Testing
Twice a year, Computing Services runs a password strength program against all Andrew user accounts. The program is designed to find passwords that would be easily cracked by a fairly determined hacker.
Users whose accounts are easily compromised are notified via email and are asked to change their passwords to something more difficult for computer programs to break. We then run the crack program again, typically around two weeks later, so that we can find users who either didn't change their passwords, or who changed them to something just as easy to break.
Why We Run a Password Cracker
Computer accounts and their passwords are typically the last, and in many cases the only, line of defense on a computer system. While many users claim that this should not be an issue because they have "nothing to hide" in their accounts, there are much more substantial dangers involved. If someone gets into a system using your account, they can:
- Access any data in your account.
- Access your email.
- Access data in other accounts to which you have access.
- Send electronic mail as you (using your Account ID).
- Use your account to run programs which can cause damage to other systems on the network (Campus Network or Internet).
- Possibly recover passwords or other access information to frequently visited websites or other confidential data.
- Change your information, such as your university directory data, your mail forwarding address, and your spam filter settings.