Passwords

The YUAD/MontefioreAD Windows domain ID and password are what you use to check Einstein email (for example, https://owa.yu.edu or https://owa.einsteinmed.org). It's been brought to my attention that some members of Einstein need to change their passwords from the default ones given to them years ago, when the College set up the domain with the new email. This password is insecure and should be changed immediately.

If you don't know your YUAD ID (mail login name), you can use the following page to find it: https://selfserveprod.yu.edu/pls/banprd/yumisweb.fetchad (official YU page)

Please, PLEASE, PLEASE change your password if you have not already done so! These initial ones were not meant to be kept forever. More and more, the Domain is being used to access more information about us. Not just email, but timecards (Kronos), pay information (insidetrack), and a growing number of services the college uses, whether you ever log on yourself or not.

It is also important to note that if you have any mobile devices that either connect to monteradius with your AD credentials or receive email from our Exchange server (therefore also connecting using your AD name and password), you MUST disable wireless and internet connectivity on these devices before changing your password (the easiest way to do this is by turning on Airplane Mode). Once you have changed your password, BEFORE reconnecting these devices to the internet, you will need to reset the email passwords and have the device(s) forget the monteradius network. Then reconnect to the Montefiore wireless network. There are instructions to do this for your iPhone, iPad, and Android device.

A simple way to change your password is to log into the email web addresses in the first sentence and use the "Change your password" link under the OPTIONS tab to the upper right.
(See the tutorial at http://www.einsteinmed.org/centers/cancer/tutorials/change-password-on-OWA/change-email-password.htm)

GUIDELINES FOR HAVING A GOOD PASSWORD (for anywhere, not just with AD or on Einstein computers)

There are no rules on the servers forcing you to have a "good", strong password. That will change!! But not yet. For now, it's up to you to create a stronger password, and I recommend that you do, for security's sake.

ITS Official Computer Policy handbooks:
- University Handbook for Faculty and Administrators
- University Handbook for Staff
- University Handbook for Students

Some *minimum* rules for a strong password (for any place, not just here at Einstein, or on a Montefiore domain computer) are:
- 9 characters or more in length (formerly this was 8. These days, 9 or more is best)
- have AT LEAST 1 capital letter and 1 number in it (with the rest being lowercase)

Some things to NEVER do:
- DON'T use the same password over and over! Your Einstein password should NOT be what you use for your bank, and Netflix, and iTunes, etc., etc. They should ALL be different passwords.
- DON'T use a dictionary word (as part or all of a password). In any language's dictionary.
- DON'T use your name, child's name, wife/husband/partner's name, etc., etc.
- DON'T use your social security number!

Some examples (DO NOT USE THESE, since everyone knows these now):

GOOD -> ITguynCH@N206
It's 13 characters long. Mixes cases, symbols and numbers, and (for me) it's easy to remember, since I am the Cancer Center's "IT guy in Chanin 206". Mnemonic tricks like that are good ways to help you simply remember an otherwise complex password. You should think of similar tricks for yourself.

BAD -> password, mypassword, wordpass, enter, 123456789, aaaaaaaaa
I don't really need to say why these are really bad, bad, bad.

GOOD -> a_passphrase_can_use_words_from_the_dictionary
This is good because it's so LONG (44 characters). It also uses a "special character" (the underscore, between words.
Please note, using spaces between words is usually a bad thing in a password. Not all computers can handle them correctly). This would properly be called a passPHRASE rather than a passWORD. From a computer standpoint, sheer LENGTH is also very complex, but you may also remember it easily.

These are some basic suggestions about passwords. Please, for your electronic security, make sure you've changed your password on Montefiore's AD away from the default one they gave you, and use a strong password as outlined above, everywhere.

Useful links (some of which have more links):

Recommendation pages:
https://pixelprivacy.com/resources/reusing-passwords/
https://security.web.cern.ch/security/recommendations/en/passwords.shtml
http://www.microsoft.com/security/online-privacy/passwords-create.aspx
http://en.wikipedia.org/wiki/Password_strength
http://www.cs.cmu.edu/~help/security/choosing_passwords.html
http://security.fnal.gov/UserGuide/password.htm
https://wiki.sonic.net/wiki/Password_Guidelines
http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/
http://www.lockdown.co.uk/?pg=password_guide
http://web.trinity.edu/x276.xml
http://www.tcnj.edu/~it/security/passwords.html

Generators:
http://strongpasswordgenerator.com/
http://www.pctools.com/guides/password/
http://passwordsgenerator.net/

Checkers:
https://www.microsoft.com/security/pc-security/password-checker.aspx
http://rumkin.com/tools/password/passchk.php
http://www.passwordmeter.com/

Information:
http://windowssecrets.com/top-story/protect-yourself-from-the-next-big-data-breach/
http://arstechnica.com/security/2013/05/its-official-password-strength-meters-arent-security-theater/
http://arstechnica.com/security/2013/05/why-intels-how-strong-is-your-password-site-cant-be-trusted/ (note: some information here is already outdated)
https://www.grc.com/haystack.htm - an excellent place to check your passwords, but don't use a password you check there (see below).
NOTE: NEVER use any password you generate or check on the password generator pages and password checker pages. It is too easy for someone to either intercept the password or for a keylogger application to record it. Check your method of creation using these pages, and then create a new password.

Thanks to Maurice Volaski for password links and Al Tucker for much of this text.
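
The minimum rules and the length argument from the guidelines above, written as a check that runs on your own machine so nothing is sent to a web page. This is an added example, not part of the original page; the function names, the small constructed word list and the character-class sizes (26 lowercase, 26 uppercase, 10 digits, 32 symbols) are assumptions of the example.

```python
import math
import string

MIN_LENGTH = 9  # minimum length given in the guidelines above

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "wordpass", "enter", "welcome", "dragon"}


def check_minimum_rules(password, personal_names=(), words=SAMPLE_WORDS):
    """Return the guideline rules this password breaks (empty list = none)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 9 characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    lowered = password.lower()
    if any(word in lowered for word in words):
        problems.append("contains a dictionary word")
    if any(name and name.lower() in lowered for name in personal_names):
        problems.append("contains a personal name")
    return problems


def search_space_bits(password):
    """Size, in bits, of the space a try-every-combination attack must cover.

    This is an upper bound: guessing whole words or known passwords first
    needs far fewer attempts than it suggests.
    """
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)
    return len(password) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    # The page's own published examples (already public, so safe to test with).
    for pw in ("ITguynCH@N206", "mypassword", "123456789", "aaaaaaaaa",
               "a_passphrase_can_use_words_from_the_dictionary"):
        print(f"{pw}: {search_space_bits(pw):.0f} bits,",
              check_minimum_rules(pw) or "meets the minimum rules")
```

Pass your own name and family names as `personal_names`, and test the method you use to build passwords rather than the real password itself.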