By Louis Pelosi

Changes to facility password policies and tools.

To reinforce the SDCC facility Cyber Security posture and reduce the risk of future compromises, the SDCC/RACF password policy has been designed to comply with current best practices as specified in NIST's Digital Identity Guidelines for Authentication (NIST SP 800-63B).

Users may employ the web interface for changing passwords. Your current SDCC/RACF username and password are required for access.

Password changes can also be made on the ssh.sdcc.bnl.gov gateways using the passwd command. Password changes are not allowed on the cssh.rhic.bnl.gov gateways. Excessive gateway login failures (e.g., multiple incorrect password entries) will result in a temporary login ban, whereupon a user may need to wait until the ban is automatically lifted before attempting another login.

Passwords must adhere to the following requirements:

  1. The minimum length of all passwords is 16 characters.
  2. There is no requirement for multiple character classes (uppercase, lowercase, numbers, and symbols) or password complexity. Multi-word passphrases are permitted and encouraged.
  3. Passwords are checked against a list of known compromised passwords.
  4. Passwords will never expire.

If you cannot recall your current password, please submit a support ticket in the User Accounts queue to request an account password reset. To expedite the process, include your BNL Life or Guest number in the request.

Note: Your SDCC password is not the same as your SSH Key passphrase.