Taming the Password Jungle

• The ACCC Common Password
• About ACCC Common Passwords
• Setting Your ACCC Common Password
• Other ACCC Passwords
• Any Chance You Might Forget Your Password?
• -- Before You Forget Your Password
• -- When You Forget Your Password

The ACCC common password is a single strong password that is used for your ACCC accounts (on argo, icarus, mailserv, tigger, and UICalendar, if you have them); for logging in the ACCC public labs; for the Blackboard instructional classroom service; for the ACCC dialin lines and UIC Wireless and Res-Net networks; and for logging in to use various secure Web services such as Nessie and library's online services; and, of course, for changing your ACCC password. Whew!

Set and change your ACCC common password on the Web at a new and easy to remember URL:

http://passwords.accc.uic.edu

(Of course there are convenient links on the ACCC home pages.)

Using one password for most of your UIC and U of I online services is a good thing. It's a lot easier to remember just one password than a whole bunch of passwords, so you should be able to make your one password stronger and less easy to guess and still be able to remember it without having to to write it down for someone else to find and steal.

But having one password for all these services can also be a bad thing, if you're careless with it. If someone does steal your ACCC common password, they will have access to all those accounts and services. You must be more careful with this password because more is at stake if it is compromised.

And even a strong password is no defense against sniffing. We urge everyone to use as many additional precautions as they can, including sending their password in encrypted form as much as possible, using secure email programs such as Eudora with SSL or WebMail, using ssh to login to UNIX servers instead of telnet, or using encrypted connections such as UIC Wireless.

What the Common Password Is

The ACCC common password must be at exactly eight characters long and:

• It must contain at least one uppercase letter, one lower case letter, one number or punctuation mark, and no spaces.
• It must pass a dictionary challenge -- it cannot match a word in a dictionary.
• It cannot be based on your name or netid.
• Nor can it be the same as any password that you have in the past year.
• And finally, it can't be a simple pattern such as Abcd1234 or Qwerty12.

When the Common Password Expires

ACCC common passwords expire periodically. We will send warning email ahead of time, and also give timely warning via authenticated Web pages and other services whenever practical.

If you don't respond to the warning, and the password does expire, you will still be able to log in to the password changing utility using your expired password and change your common password. But you won't get any other services until you do change your expired password.

You can set a new common password whenever you wish. Anytime that you have reason to think that your current password might be compromised, it is an excellent idea to change it just to make sure.

To change your ACCC common password, either go directly to: http://passwords.accc.uic.edu
or go to the ACCC home page: http://www.accc.uic.edu (or any ACCC Web page), click the purple Accounts button, then select Password Changing Utility.

1. Login with Bluestem, using your UIC netid and an ACCC password. (An expired password will work here.)
   
   
2. On the ACCC Password Changes page, type your new password twice, once in each box. The text at the bottom of the window explains the requirements.
   
   
3. Click Change Password.
   

   The New ACCC Password Changing Utility, http://passwords.accc.uic.edu

   
   
4. If the password changing utility doesn't like what you've selected, it will return an error message and put you back in the password changing screen to allow you to choose another new password. Don't be discouraged if the first few things you try don't work out. This is a strong password; it's reasonably picky.
   
   
5. After you successfully choose your new ACCC common password, you will be given a chance to create a new ACCC account (in case that's what you needed an ACCC common account for) or to change the place that email sent to your netid at uic.edu email will be delivered (in case you're in the process of switching your email to mailserv, for example). Or, of interest to everyone is Password Recovery Options, which we talk more about in Before you forget your password below.

The ACCC common password is not used for ADSM/TSM backup accounts for on-campus personal computers or workstations, but there is a link on the ACCC Choose a New Common Password Web page to the page that you use to change your ADSM password. Nor is it used for ACCC Server Services or ACCC Lotus Notes accounts; those passwords you change in the usual way.

Sure! If you haven't yet, you will someday. I learned the hard way never to change my password on Friday because I won't be able to remember the new one on Monday. So after you select your ACCC common password, take the time to set up a way for you to change your password yourself when your someday comes.

Your password identifies you as you. So what you need is another way to identify you as you that doesn't depend on your password. There are now two different ways to do that, which don't depend on your knowing your current password.

Click on the purple Accounts button at the top of the ACCC Home page (or any ACCC official Web page), then Passwords - Click Here before you forget your password.

Then choose one or both of the following:

(1) Set a Secret Challenge Question and Response. This one everyone can use. After you select a challenge/response pair, we'll allow you to change your ACCC common password if you can provide the right response for your recorded challenge. The challenge is a question that presumably only you know the answer to, and the response is the answer. The Set Up Web page has the details of case, punctuation, spacing, and length.

(2) Set an Emergency Email Address. This you can only use if you have a secure email address that doesn't depend on your ACCC password. When you forget your password, we send your Emergency Email address a message with a special secret and a URL. Paste the secret on the Web page, and you'll be allowed to change your ACCC common password.

Obviously, you don't want to use an email address that other people know about or that has an easily guessable password.

Your security in using these services is completely in your hands. Anyone on the Internet can find out your challenge phrase, and they can make as many guesses at your response as they have the patience to enter. Thus challenges like "What is my spouse's name? or "What is my favorite color?" won't do. (The first is too easy to find; the second is too easy to guess.) And your emergency email address is only as secure as you keep its existence and password. If you advertise its existence, you're asking for someone to try it out and see if it works.

Now, let's say your someday has come; you don't remember your password. Maybe you haven't logged on in a while or you changed your password and you don't remember what you changed it to. Not a problem; you're prepared.

You go to the ACCC home page or any ACCC Web page and click on the purple Accounts button at the top of the page. The select Passwords - Help I've Forgotten My Password.

Type your netid in the Netid: box by the rescue option that you want to use and click the button beside it.

• If you're using the challenge/response method, you type your response in the box below the your challenge (make sure you have case and punctuation right) and your new password in two boxes for conformation, and click Submit Response.
  
  
• If you're using the emergency email method, we'll send you an email message right away. This one is easier to do than it is to explain. After you receive the email message, go to the URL in the message, and cut the secret (don't get any extra blanks at the beginning or the end) from the email message and paste it into the box in the Web page, and click Submit Secret.

In both cases, if everything matches up, you'll be transferred to the standard ACCC password changing Web page and will be allowed to change your password as usual.

Not prepared? Then you must have your password changed (to something temporary, that you must change again immediately), in person. Go to the Client Services Office, http://www.accc.uic.edu/cso/; another ACCC consultant office; or ACCC Network Operations, room LL55 BGRC. Be sure to take a picture ID.