Albert Einstein Cancer Center

Passwords

The YUAD windows domain ID and password is what's used for checking Einstein email (example, https://owa.yu.edu  or https://owa.einstein.yu.edu).  

 

It's been brought to my attention that some of members of Einstein need to change their passwords from the default ones given them years ago when the College setup the domain with the new email.  This password is insecure and should be changed immediately. 

 

If you don't know your YUAD ID (mail login name), you can use the following page to find it:

https://selfserveprod.yu.edu/pls/banprd/yumisweb.fetchad (official YU page)

 

Please, PLEASE, PLEASE change your password if you have not already done so! These initial ones were not meant to be kept forever. More and more, the Domain is being used to access more information about us. Not just email, but timecards (Kronos), pay information (insidetrack), and a growing number of services the college uses, whether you ever log on yourself or not. 

 

It is important to also note that if you have any mobile devices, which either connect to YUWIRELESS with your YUAD credentials, or receive email from our exchange  server (therefore also connecting using your YUAD name and password), you MUST disable wireless and internet connectivity on these devices before changing your password (the easiest way to do this is by turning on Airplane Mode).  Once you have changed your password, BEFORE reconnecting these devices to the internet, you will need to reset the email passwords and have the device(s) forget the YUWIRELESS network.  Then go back to YUSETUP to resetup our device(s) on YU's wireless network. There are instructions to do this for your iPhone, iPad, and Android device

 

A simple way to change your password is to log into the email web addresses in the first sentence and use the "Change your password" link under the OPTIONS tab to the upper right. (See the tutorial at http://www.einstein.yu.edu/centers/cancer/tutorials/change-password-on-OWA/change-email-password.htm)

 

GUIDELINES FOR HAVING A GOOD PASSWORD (for anywhere. Not just with YUAD or on Einstein computers).

 

There are no rules on the servers forcing you to have a "good", strong password. That will change!! But not yet. For now, it's up to you to create a stronger password and I recommend that you should, for security's sake.

 

ITS Official Computer Policy handbooks: 

  • University Handbook for Faculty and Administrators   
  • University Handbook for Staff  
  • University Handbook for Students  

  • Some *minimum* rules for a strong password (for any place, not just here at Einstein, or on a YUAD domain computer) are:

     

    • 9 characters or more in length (formerly this was 8. These days, 9 or more is best)
    • have AT LEAST 1 capital letter and 1 number in it (with the rest being lowercase)

     

    Some things to NEVER do:

     

    • DON'T use the same password over and over! Your Einstein password should NOT be what you use for your bank, and Netflix, and iTunes, etc, etc. they should ALL be different passwords.
    • DON'T use a dictionary word (as part or all of a Password). In any language's dictionary.
    • DON'T use your name, child's name, wife/husband/partner's name etc. etc.
    • DON'T use your social security number!

     

    Some examples (DO NOT USE THESE, since everyone knows these now):

     

    GOOD -> ITguynCHN206   It's 12 characters long. Mixes cases and numbers, and (for me) it's easy to remember, since I am the Cancer Center’s "IT guy in Chanin 206". Mnemonic tricks like that are good ways to help you simply remember an otherwise complex password. You should think of similar tricks for yourself.

     

    BAD ->  password, mypassword, wordpass, enter, 123456789, aaaaaaaaa ­ I don't really need to say why these are really bad, bad, bad.

     

    GOOD -> a_passphrase_can_use_words_from_the_dictionary This is good because it's so LONG (44 characters). It also uses a "special character" (the underscore, between words. Please note, using spaces between words is usually a bad thing in a password. Not all computers can handle them correctly). This would properly be called a passPHRASE rather than a passWORD. From a computer standpoint, sheer LENGTH is also very complex, but you may also remember it easily.

     

     

    These are some basic suggestions about passwords. Please, for your electronic security, make sure you've changed your password on YUAD away from the default one they gave you, and use a strong password as outlined above, everywhere.

     

    Useful links (some of which have more links):

     

    Recommendation pages:

     

    https://security.web.cern.ch/security/recommendations/en/passwords.shtml 

    http://www.microsoft.com/security/online-privacy/passwords-create.aspx 

    http://en.wikipedia.org/wiki/Password_strength 

    http://www.cs.cmu.edu/~help/security/choosing_passwords.html 

    http://security.fnal.gov/UserGuide/password.htm 

    https://wiki.sonic.net/wiki/Password_Guidelines 

    http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/ 

    http://www.lockdown.co.uk/?pg=password_guide 

    http://web.trinity.edu/x276.xml 

    http://www.tcnj.edu/~it/security/passwords.html 

     

    Generators:

     

    http://strongpasswordgenerator.com/ 

    http://www.pctools.com/guides/password/ 

    http://passwordsgenerator.net/ 

     

    Checkers:

     

    https://www.microsoft.com/security/pc-security/password-checker.aspx 

    http://rumkin.com/tools/password/passchk.php 

    http://www.passwordmeter.com/ 

     

    Information:

     

    http://windowssecrets.com/top-story/protect-yourself-from-the-next-big-data-breach/ 

    http://arstechnica.com/security/2013/05/its-official-password-strength-meters-arent-security-theater/ 

    http://arstechnica.com/security/2013/05/why-intels-how-strong-is-your-password-site-cant-be-trusted/ (note: some information here is already outdated)

    NOTE: NEVER use any password you generate or check on the password generator pages and password checker pages.  It is too easy for someone to either intercept the password or for a keylogger application to record it.  Check your method of creation using these pages, and then create a new password.

     

    Thanks to Al Tucker for much of this text. 

    SEARCH 

    Message From the Director

    I. David Goldman, M.D.

    Since the start of the 20th century, scientists have sought ways of harnessing the immune system to attack cancer cells. The challenge has been enormous. The immune system is designed to destroy foreign ... 

    read more 

     
     

    Contact us

    Albert Einstein Cancer Center
    1300 Morris Park Avenue
    Bronx, New York 10461
    Telephone: 718.430.2302
    aecc@einstein.yu.edu  

    Twitter image  LinkedIn image 

     

    Calendar of Events

    Click here to log in