Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
News
Security News Archives
2007
October
Cyber Security Tricks and Treats Exhibition
Publication: Guidelines for Data Sanitization and Disposal
Publication: Guidelines for Bulk Email Distribution
Password Strength Testing - Fall 2007
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Education & Outreach
Support & Repair
Information Security Office (ISO)

Security Notice: Password Strength Testing - Fall 2007

Who:  Everyone

What:  Password Strength Testing

When:  Tested Sept 27, 2007. Notices sent on or after Oct 3, 2007 (US EDT)

How:
Password Strength Testing The Information Security Office (ISO) conducted a strength test of all Andrew and Active Directory account passwords on Sept 27, 2007.

The Help Center (advisor@andrew.cmu.edu) will send email messages on or after Oct 3, 2007 to accounts for which the password does not meet the minimum requirements for a strong password.  The email message will include instructions on how to strengthen the password.

Note that NO attempts were made to login to Andrew or Active Directory accounts during this test.  Only the passwords were analyzed.

The ISO will analyze Andrew and Active Directory passwords again on or after Oct 17, 2007.  If an account fails password strength testing during that analysis, a second round of notifications will be sent.  Retesting is designed to increase confidence that a strong alternate password was selected.

A password is often your last line of defense.  It protects access to email, applications and sensitive information, whether that information is about you, your students or your fellow staff and faculty.  Brute-force attacks to guess passwords are occurring on our networks on a daily basis.  A strong password reduces the chance of a successful attack.

What You Need To Do:
If you receive an email notice that your password failed strength testing, then do the following:

  1. Select a Strong Password
    See the Selecting a Strong Password section of Managing Your Andrew Password

  2. Change Your Andrew or Active Directory Password as Directed in the Email Notice

    Change Andrew Account Password
    1. From the My Accounts tab of the Carnegie Mellon Web Portal, click on the Change Your Password link under Password.
    2. Enter your:
      Andrew UserID
      Current Password
      New Password
      Re-enter your new password to confirm, then click Change Password.

    Change Active Directory Account Password
    1. From the My Accounts tab of the Carnegie Mellon Web Portal, click on the Active Directory Password link under Password.
    2. Carefully read the information and click "Take me to the Password Reset Tool" link if you understand and would like to continue.
    3. Enter your:
      New Password
      Re-enter your new password to confirm, then click Submit.

Contact:
Please direct any questions or comments to the Computing Services Help Center at x8-HELP (4357) or password-crack@andrew.cmu.edu.