CNetIDs & Choosing Passwords

CNetID

Your CNetID (Chicago Network ID) is your account name for most University services where you need to authenticate or log in to gain access. You will use your CNetID as the basis of your email address (e.g., where the CNetID is "janedoe," janedoe@uchicago.edu is the email address on the University system).

CNetIDs are now required by the University, as stated in the student policy manual.

Your CNetID is also used as your account name or login ID:

  • to read your email using Webmail or Thunderbird;
  • when you access your grades or register for classes using the Registrar's website;
  • to access the Chalk system;
  • to authenticate to the wireless network;
  • to establish your own personal web page;
  • when you authenticate to the University modem pool from off campus;
  • when you use the web proxy server;
  • in most situations where an account name is required.

If you have not already done so, you may claim your CNetID at http://cnet.uchicago.edu. Once you have claimed your CNetID, you cannot change it.

Choosing a Good Password

The following guidelines are available online at http://safecomputing.uchicago.edu/passwords/.

It can be difficult to choose a good password. The password should be fairly long and shouldn't be guessable, but at the same time, it should be easy to remember. If the password is difficult to remember, you will find that you want to write it down. It is not a good idea to write down a password, as someone else can find the paper you have written it on (or the file you have put it in) and digitally impersonate you.

Methods for Choosing a Good, Memorable Password

General Advice

When choosing a password, avoid using dictionary words.
Dictionary words are any common words, names, dates, or numbers, including words in foreign languages. One standard method that attackers use to guess passwords is a brute force attack. In a brute force attack, the attacker tries possible passwords over and over again until they manage to break into the account. Often they try dictionaries of commonly used passwords. We have seen dictionaries in English, Finnish, German, Japanese, Latin, Spanish, Italian, Chinese, Norwegian, Swedish, Yiddish, and Dutch; common jargon from Biology, Physics, and Computers; common female names and common male names; names from cartoons, movies, television, Shakespeare, religion, and mythology; as well as common and famous place names. It wouldn't surprise us to see dictionaries of Farsi or Akkadian words, either. Avoid using words or names, regardless of the language.

Don't use common misspellings of dictionary words (including replacing "l" with "1" and the like).
Many of the dictionaries include both common misspellings and words with letters replaced with similar looking numbers.

Don't use the name of the computer or your account.

Use a mixture of upper and lower case letters, numbers, and punctuation (that is, use multiple character classes).

Character Class Name    Examples
Uppercase Letters       ABCDEFGHIJKLMNOPQRSTUVWXYZ
Lowercase Letters       abcdefghijklmnopqrstuvwxyz
Numerals                0123456789
Symbols                 !@#$%^&*() -+= _|\ `~ [] {} <> ,. '" :; (etc.)
"Unprintables"          space, tab, control codes

Avoid using characters that don't appear on a standard US 101-key keyboard.
While some systems may allow you to use "unprintables" (see above), an accented character, a u-umlaut, or a Euro symbol, don't count on them always working correctly. Characters that aren't easily typeable on a standard US 101-key keyboard may not work correctly in all circumstances.

Specific Methods for Selecting Good Passwords

Use letters from a phrase or song lyric.
Think up a phrase, for example, "Marx's Communist Manifesto has 8196 words in it!". Once you've decided on the phrase, choose the first (or last, or the second, or whatever) letter from each word. Here, taking the first letter of each word and keeping the number gives M's C M h 8196 w i i!. You'll notice that in this example we've decided to include all of the punctuation. This is to improve the quality of the password. So, your password would be M'sCMh8196wii!. It is a nice, long password with a good mixture of character classes.

Combine a few pronounceable "nonsense" words with punctuation.
For example, nuit+Pog=tWi. Pronounceable nonsense words are easier to remember than random characters. In our example, we have combined the nonsense words in a way that is similar to an arithmetic formula, which makes it easier to remember. You may want to use other punctuation for similar reasons. Another example might be Fwep@par(?).
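The General Advice rules above can be expressed as an automated check and run against the example passwords from this section. This is an added example, not code from the University: the names check_password, char_classes, SAMPLE_WORDS and LOOKALIKES are hypothetical, the wordlist is a small constructed sample, and the three-class threshold is an assumption.

```python
import string

# Constructed sample wordlist (assumption); a real check would load full
# dictionaries of words, names and places in several languages.
SAMPLE_WORDS = {"password", "chicago", "hello", "maroon", "dragon", "letmein"}

# Look-alike replacements of the kind the page warns about ("l" -> "1").
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def char_classes(pw):
    """Return the character classes from the table above that pw uses."""
    classes = set()
    for ch in pw:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("numeral")
        elif ch in string.punctuation:
            classes.add("symbol")
        else:  # space, tab, control codes, accented letters, the Euro sign...
            classes.add("other")
    return classes

def check_password(pw, account, host="", min_classes=3):
    """Return the list of General Advice rules that pw breaks (empty = none)."""
    problems = []
    lowered = pw.lower()
    # Drop digits/symbols tacked onto either end, e.g. "Chicago1" -> "chicago".
    trimmed = lowered.strip(string.digits + string.punctuation)
    respelled = {lowered.translate(LOOKALIKES), trimmed.translate(LOOKALIKES)}
    if trimmed in SAMPLE_WORDS:
        problems.append("dictionary word")
    elif respelled & SAMPLE_WORDS:
        problems.append("misspelled dictionary word")
    if any(n and n.lower() in lowered for n in (account, host)):
        problems.append("contains account or computer name")
    classes = char_classes(pw)
    if len(classes - {"other"}) < min_classes:  # threshold is an assumption
        problems.append("too few character classes")
    if "other" in classes:
        problems.append("unprintable or non-US-keyboard character")
    return problems

if __name__ == "__main__":
    for pw in ("M'sCMh8196wii!", "nuit+Pog=tWi", "passw0rd", "Chicago1"):
        print(pw, check_password(pw, account="janedoe"))
```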

A few reminders of good general password practices

Never share your password.
Your account is assigned to you. You will be held responsible for the activities of the account. We do see cases where people use someone else's email account to send harassing email. Don't let this happen to you.

Never write down a password.
Passwords that are written down can easily be stolen.

Change your password with some frequency.
The longer that you have used your password, the more likely it is that someone else will figure it out. Just how frequently you should change your password depends on how frequently you use it and what you are protecting with it. Because you use your CNetID and password to access very personal information (your grades and financial information in cMore as well as your email), it is a good idea to change your CNet password often.

Never store your password in a program.
Many email clients, web browsers, and web services will offer to store your password for you so that you don't need to type it in each time you want to use it. This is a bad idea—it is generally trivial for people to recover your password from inside one of these programs if they have access to your computer (and sometimes even if they don't).