April 20, 2005 [Number 232] Printable version (356k PDF) Download Adobe Reader Please note that this issue of Interface is an archived issue. Therefore, the information contained in each article may no longer be current.
New NIH Password Policy Is in Effect
NIH began a new password policy on January 12, 2005. The policy applies to all employees and contractors who log in to NIH computers or computers that access the NIH Network remotely. This policy helps facilitate the NIH mission by protecting the confidentiality, integrity, and availability of NIH information. With this new policy, NIH is balancing the need to protect information while continuing to ensure the free flow of information so important to conducting research and improving public health.
IT security is becoming a bigger concern for NIH because hacker attacks are increasing in number and severity. As the use of electronic communications increases, risks arise that hackers will exploit vulnerabilities to steal or modify data and invalidate research. Strong passwords are the first line of defense against these potential intruders.
A strong password policy is necessary to prevent hackers from gaining unauthorized access into a system and any resources available to an authenticated user. Exploitation of weak passwords is one of the easiest and most common methods used by hackers to gain access to systems. Furthermore, a network is only as secure as its weakest link, and compromises in one computer can quickly spread to other areas of a network.
Responsibilities of Users
In the new password policyas in the previous password policyyou have to change your password every six months (180 days). System level passwords must change more often (90 days). There are also new requirements for password length and complexity.
Authorized users are responsible for the security of their passwords and accounts.
What to Do
What Not to Do
See a previous Interface article, "Are you a Computer Hackers Target?" in the July 2003 issue (number 227).
How to Change Your Password
Your network login is what you use to log on to your computer. To change the network password, just press Control + Alt + Delete, as you would to log off. In the lower left corner, click on "Change Password…" Your "User Name" and "Domain" are already visible. Enter your old password, your new password, and confirm your new password.
The NIH Login is what you use to log on to the NIH Portalclick "Change Password" to bring up the screen for changing your password.
VPN and Parachute Passwords
To change your VPN password or your Parachute password, please call the NIH Help Desk at 301-496-4357 or e-mail firstname.lastname@example.org.
Remember, IT security is about protecting information assets by effectively managing risks. Creating a password that is hard to guess is a worthwhile and necessary investment in protecting NIH information.
If you need help in resetting your password or if you forget your password, please call the NIH Help Desk at 301-496-4357 or e-mail email@example.com.
Note: To view the two Word documents linked above if you do not have Word installed, you can download Microsoft's Word Viewer.
|Published by Center for Information Technology, National Institutes of Health|
NIH...Turning Discovery into Health