You may be using a Web browser that does not support standards for accessibility and user interaction. Find out why you should upgrade your browser for a better experience of this and other standards-based sites...

Dartmouth Home  Search  Index

Dartmouth Home | Search | Index

 Dartmouth home page
Computing at Dartmouth
 

Home | Resources | Services | Support | About
Computing > About > Policies >  E-mail >  

DND Name and Password Policy

Your Dartmouth Name Directory (DND) name and password identify you on the Dartmouth network. It is your electronic fingerprint. It is imperative that you protect this identity so that someone else cannot impersonate you on the network.

Responsibilities

Everyone who is a current member of the Dartmouth community has an entry in a database called the Dartmouth Name Directory (DND). If you are in the DND, you automatically have access to a wide array of computing resources. Given that the DND is used to authenticate users for academic and administrative services, the consequences of an easy-to-guess password have become much more serious. Every member of the Dartmouth community is responsible for the use and protection of their password. If you think someone else is using your password to gain access to Dartmouth services, you should change it immediately.

Rules for Valid Passwords

There are specific rules to which your password must conform in order to be accepted as a valid password. If your current password does not conform to these rules, you should change it to one that does. These rules will make it much more difficult for someone else to guess your password. A mixture of numbers and upper- and lower-case letters is strongly recommended. Password rules are:

  • It should be eight characters using only numbers, upper and lower case letters, and common punctuation.
  • There can be no more than four characters in sequence (e.g., "12345" or "abcde" are not allowed).
  • It must contain at least five different characters (e.g., "2a3a2a3a" only contains three different characters so is not allowed).
  • It cannot be a word found in the dictionary (e.g., "password").
  • It cannot be a reversal of a word found in the dictionary (e.g., "drowssap").
  • It cannot be a word found in the dictionary plus one additional character either before or after the word (e.g., "xalgebra" or "algebrax").
  • It cannot be a word found in the dictionary with numbers substituted for look-alike letters (e.g., "passw0rd" or "pa55word").
  • It cannot be a word found in the dictionary minus any punctuation, symbols or numbers (e.g., "oclock" or "soninlaw").

Protecting Your Password

If you use BlitzMail on a computer that is in a public area, make sure you sign off of BlitzMail whenever you leave the computer. If you leave a computer while still signed on to your BlitzMail account, someone else can use your account to send mail that looks like it came from you; delete messages in your account; read your incoming mail; change your DND password; etc.

If you are a student and you forget your password, stop by the Computing Help Desk, located in 172 Carson Hall, between the hours of 9:00 a.m. and 4:00 p.m., weekdays, to have your password reset. If you are a faculty or staff member, contact your department's computing support office. You will be required to show your Dartmouth ID.

Another way of verifying your identity is to use Web Authentication. Web Authentication (WebAuth) is a new system designed to streamline the authentication process for any of Dartmouth's Web-based systems, to make the process of logging into Web-based systems more secure, and to provide support for additional operating systems. If you use WebAuth on a public computer, it is important to quit the Web browser when you leave the computer so the next person using the it cannot access authenticated Web pages as if they were you. In addition, if you are using WebAuth on your own personal computer and you want to navigate to other Web pages, you can quit the browser or log out of WebAuth before going to other Web pages.

In addition, there are a few applications that allow you to use Kerberos authentication to verify your identity. Kerberos software is comprised of two parts, SideCar and KClient. Once installed and running on your computer, you simply enter your user name and DND password in the KClient dialog box to create a Kerberos "ticket." This ticket is automatically sent to any Kerberos-controlled application to which you are trying to connect (e.g., BlitzMail). This ticket is accepted as proof of your identity in lieu of your entering your user name and password again. Whenever you use Kerberos authentication, you must remember to close your ticket when you leave a computer so that the next person using the computer cannot access Kerberos-controlled applications using your name from the ticket you left behind. On Windows computers, evidence that you have a ticket will be an open lock icon or a floating window with your name in it that appears on your desktop. To close your ticket on a Windows computer, simply close the ticket window on your desktop. There is no visible ticket on Macintosh computers, so you must remember to open the Kerberos window and select Destroy ticket if you want to close a Kerberos ticket on a Macintosh. For additional information on Kerberos and Kerberos tickets, see Download Kerberos.

02/27/08

 

 

Last Updated: 2/28/08