(Updating to match new version of source page) |
(Updating to match new version of source page) |
Line 7: | Line 7: | ||
* Users are strongly encouraged to use unique passwords, and to never reuse them. | * Users are strongly encouraged to use unique passwords, and to never reuse them. | ||
* Passwords are sensitive confidential information and users must never share or disclose them by any means. Users should also refrain from disclosing tips that could help identify their passwords. | * Passwords are sensitive confidential information and users must never share or disclose them by any means. Users should also refrain from disclosing tips that could help identify their passwords. | ||
* Users are encouraged to never write down a password. In the situation where a user needs to write or store | * Users are encouraged to never write down a password. In the situation where a user needs to write or store their password on a given media, it is acceptable to do so given that the appropriate security measures to prevent unauthorized access are in place (encryption, strong password protection, etc.). A user should never store or write a password to facilitate access or transfer between information systems. | ||
* Users are encouraged to not use the "remember your password" feature of browser or operating systems. | * Users are encouraged to not use the "remember your password" feature of browser or operating systems. | ||
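Review bot: In the completed item on writing down passwords, the closing sentence "A user should never store or write a password to facilitate access or transfer between information systems" does not say which practice it forbids, so it reads as conflicting with the sentence before it, which permits storage when encryption or strong password protection is in place. Suggest naming the forbidden case explicitly and keeping the exception next to it. Also, "on a given media" should be "on a given medium".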
Line 30: | Line 30: | ||
== For the system you log in from == | == For the system you log in from == | ||
Security issues often start on the outside, by a third party getting access to a user's password or (passwordless) | Security issues often start on the outside, by a third party getting access to a user's password or (passwordless) SSH key. To help prevent this, please: | ||
* Log in from trusted computers only; | * Log in from trusted computers only; | ||
* On Windows computers, make sure to regularly run a virus scanner and malware scanner; | * On Windows computers, make sure to regularly run a virus scanner and malware scanner; | ||
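Review bot: In the intro sentence, "(passwordless) SSH key" reuses the word "password" for the secret that protects a key, while the rest of the page uses "password" for account passwords and the next section calls the same thing an "unencrypted key". Suggest "an SSH key without a passphrase" or "an unencrypted SSH key" so the two sections use one term.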
Line 38: | Line 38: | ||
== For the system you log in to == | == For the system you log in to == | ||
One important advantage of using | One important advantage of using SSH keys is that the remote system only needs your public key. This value is not sensitive, so there is no risk of disclosure. If someone gets your public key, all they can do is give you additional access. | ||
* Avoid placing any private keys on remote machines, even encrypted ones. An unencrypted key is equivalent to a password, and may be stolen or exposed | * Avoid placing any private keys on remote machines, even encrypted ones. An unencrypted key is equivalent to a password, and may be stolen or exposed inadvertently. An encrypted key is, by itself, not sensitive - except if you ever use it on that machine (at which point you are effectively trusting the machine.) | ||
* If you use ssh-agent, avoid forwarding it to remote machines. Our clusters use host-based trust within the cluster, so you do not need to re-authenticate if you connect to an internal node. | * If you use ssh-agent, avoid forwarding it to remote machines. Our clusters use host-based trust within the cluster, so you do not need to re-authenticate if you connect to an internal node. |
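Review bot: In the first bullet, "An encrypted key is, by itself, not sensitive" undercuts the advice that opens the same item, "Avoid placing any private keys on remote machines, even encrypted ones", because a reader can take it as permission to copy encrypted keys around. Suggest qualifying it, for example that an encrypted key is only as well protected as its passphrase, so the bullet gives one consistent instruction. The full stop in "trusting the machine.)" also belongs outside the parenthesis.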