Passwords and Security

• I forgot my password on MIE, can you e-mail me my password?
• When I login I get a message that my password is about to expire, what can I do?
• My password is not working anymore, what's wrong?
• How do I change my MIE password?
• Why cannot I use an easy password? Why should I be concerned about security?
• What can I do to protect my password?
• What else can I do to keep my account | computer | files secure?

No, you are the only one who knows your password and we do not send any passwords by e-mail. To have your password reset please go to the Computing Services offices. Bring your student card as ID.

That means that you have to change your password as soon as possible. You should change your MIE password at least once a year. If you let your password expire, the system will not let you in until you change it. See below how to change your MIE password...

Check that your keyboard is not in Caps-Lock mode (remember that the password is case sensitive). It is also possible that your password has expired and you have to change it, see below. If that fails, contact the Systems Administrators; your account might have been locked or disabled.

Simply go to the Computing Services website (www.mie.utoronto.ca/computing) and select the link to "Change MIE Password".
Alternatively, you can login to the Unix system using a Secure Shell (SSH) program: Connect to mie.utoronto.ca and login with your current password.
If your password has already expired, the system will ask you to change it right away. You will have to enter your current password a second time and then a new password, also twice. For example:

Connected to mie.utoronto.ca...
login: jsmith
Password: current_password
Choose a new password
Enter login password: current_password (again!)
New password: new_password
Re-enter new password: new_password

If your password is still valid, you will be logged on to the Unix system. To change your password, enter the Unix command "passwd". For example:

jsmith@mie% passwd
passwd: Changing password for jsmith
Enter login password: current_password
New password: new_password
Re-enter new password: new_password
Password successfully changed for jsmith

You are responsible for the security of your account regardless of what you use it for. If your account gets compromised because a malicious user guessed your password, every other user at MIE is at risk! If the Systems Administrators detect that your account has been compromised, your password will be locked and you will not be able to use your account. Your account will be reactivated only with permission of your supervisor.

Never use a password that is easy to guess. Do not use any common name or any word in any language. Use a mix of letters, numbers and other characters (@#$% etc). Do not write down your password. Do not share your password with anyone. Change your password at least once a year, or anytime you suspect someone else guessed or stole your password.

When possible, use Secure Shell (SSH) software instead of Telnet and Rlogin. The regular telnet and rlogin connections transmit your password through the network lines in clear text (unencrypted) even if it is not displayed on your screen. Malicious users sniffing the network lines can capture your password. SSH connections uses encryption to transmit all data through the network. The MIE Unix servers support SSH. Check the following site for a list of some SSH programs for PCs and Macs: http://www.cs.toronto.edu/~djast/ssh.html

Always choose your own password and keep it secret. Do not let anyone tell you what password to use. There have been incidents in which users get a fake e-mail, apparently from the Systems Administrator, asking them to change their password to a given one. After the users followed the instructions of who they thought was the sysadmin, the intruders logged on to their accounts. If the true Systems Administrators ever ask you to change your password (perhaps for security reasons), they would never tell you what password to use.

• Do not leave your computer or terminal unattended while you are logged on to the system.
• Do not install software or files that you are not familiar with, particularly networking software.
• Always be suspicious of programs that you receive by e-mail.
• Keep your computer (PC or Mac) up to date on security fixes. Check the software vendors web sites regularly for updates (e.g. Microsoft, Apple). The Systems Administrators will generally maintain and update Unix systems.
• Avoid saving passwords on your computer.
• If you need to turn on network sharing of files or folders on your PC or Mac, always protect them with passwords.