Don't fall for them!!
In order to assure you that messages are really from UMD system
administrators - particularly those regarding passwords, follow these guidelines regarding
Here are some web sites that have further information on e-mail phishing
Smith Notes mail is protected to a large extent by
Postini, our spam blocker. BUT no spam blocker can stop everything. Be
diligent in protecting yourself.
Why do I need a strong password?
How long do you think it will take to crack your password? You might be
A hacker can crack a password that’s 7 characters long with upper and lower case
letters in only 3 hours with a simple cluster of ordinary computers. But change
some of those 7 letters to numbers and a special character (@#$%&*) and you
increase the time it takes to 8 1/2 days. Increase that password to 8 in length
and the time it takes to crack that password jumps to more than 2 years! Hardly
seems worth the effort.
Check this website for a chart showing how different password combinations stack
(NOTE: The systems they describe as Class "D" are just like the desktops in our
offices, and what they call Class "E" is a cluster of ordinary computers - EASY
for any hacker to throw together.)
another reference regarding the importance of password strength.
Password Quality Checks
A password cannot provide protection if it can be guessed by unauthorized
visitors. Potential attackers can also attempt to utilize every possible
combination of characters in order to break a password. Password composition
rules are chosen to ensure that the number of possible character combinations is
large enough that such an attack cannot be accomplished in a reasonable period
For Directory passwords, the following quality rules are applied:
Additionally, your password choice will be submitted to a program that
determines if your selection is likely to be identified by computer programs
that guess passwords based upon dictionary searches. This includes making simple
substitutions of digits or punctuation that resemble alphabetic characters (such
as replacing the letter S in a common word with the $ symbol).
Beginning in December, another state mandated security feature will be
incorporated to defend against automated programs that attempt to guess
Directory passwords. If someone incorrectly guesses your password six
consecutive times, authentication of your Directory password will be blocked for
the next ten minutes.
Selecting Good Passwords
The password quality checks establish a minimally acceptable level of
password quality. Increasing the length of your password beyond eight characters
markedly increases the security of that password. No matter how complex your
chosen password might be, it will not be a secure password if you write that
password on a post-it note and keep that note where it might be discovered (the
underside of the keyboard is not a secure location).
Take advantage of the fact that the space character is a valid choice (although
not for the first or last character of the password) and create phrases or
sentences. A sentence with punctuation and one or two deliberate typographic
errors will be far easier to remember than eight random characters and (for many
people) will be easier for you to type whenever you need to authenticate.
For additional tips on selecting good passwords, please see the Password
Recommendations page from the OIT Help Desk.
As you may have heard in the news recently, as much as 9 out of every ten
emails sent nowadays are spam messages and levels are up 12% year on year from
Q1 2009. (http://www.pcmag.com/article2/0,2817,2362638,00.asp).
Postini is a SPAM filtering service that is provided with your Smith email
account. If you have a Smith Lotus Notes account, your Postini account has
already been set up for you with default settings to begin filtering spam and
viruses. You do not need to do anything to begin using this service. However, it
is a flexible product that puts the user in control of spam and viruses. It is
up to you to decide how lenient or aggressive the filters are and/or which
addresses to allow through.