
Andrew Account and Password

Your Andrew account (Andrew ID) is your gateway to the computing environment at Carnegie Mellon. Your account gives you secure access to e-mail, network registration and other services. You can find the Andrew ID of Carnegie Mellon affiliates by visiting the Carnegie Mellon directory web page. For more information on requesting an account and specific account entitlements, please see the Andrew Account Types page.

Your Andrew Password

Once your Andrew account has been created for you, you'll need to set a personal, strong password (see the section Selecting a Strong Password). Depending on your affiliation, refer to the information below:

  • New first-year undergrads: Visit the web page https://webiso.andrew.cmu.edu/cgi-bin/passr/initialsetup.cgi and follow the on-screen instructions to set your password. You'll need to know your Admission ID in order to access the web site.

  • All others: Your initial password will be set to the first eight digits of your university ID. Visit the My Accounts tab of the Carnegie Mellon Web Portal. Under Password, select the link to Change Your Password. Next, under Password, select the link for Forgot Your Password? and click Configure... to configure the password reset tool. Setting this tool now will make life much easier for you if you ever forget your password.

Why having a strong password is important

Many users believe that having a password which is easy to type or remember is more important than security. Often this is because they are not particularly concerned about the confidentiality of the files in their Andrew accounts. Frequently we hear people say, "There isn't anything important in my account, and I believe in free access to information. I don't really care if someone can break in and get to my files."

While it may be true that their files are not important to them, these people are not considering the larger picture. An account is more than just a collection of your files. An unauthorized person who gains access to your account can do any of the following:

  • Send electronic mail as if they were you. While this may seem harmless at first glance, there have been cases where falsified electronic mail has caused real damage. Such messages can include death threats, fraudulent offers for services or sale of merchandise, or inappropriate or harassing remarks to someone with whom you regularly correspond, or to a complete stranger. Further, if you are in a position of authority (e.g., faculty member, staff member with supervisory duties), falsified messages could tell a student or employee that they are going to fail a class or be fired. There is no way to prove that someone else sent such messages if they authenticated themselves to the system as you, using your password.
  • Read your electronic mail. This would, of course, include any messages which you consider to be confidential.
  • Use your account as a "launching point" to initiate attacks against other computer systems. Should such activity occur, you could lose access to the account, and your ability to log in, for days or even weeks while your account is examined for the hacker's code and hidden files and directories. In extreme cases, your entire account may be copied and given to authorities under a court order.
  • Gain access to other services. This might include course materials through Blackboard, your grades and registration information, network registration, or other information.

The password to your account is the last line of defense against a potential intruder. Maintaining good password security is as important, and as easy to do, as locking the door to your house or your car. A truly determined attacker will find ways to break in, but making it easy for them is not in your best interest.

Last Updated: 10/04/07