Changes to facility password policies and tools.

In order to strengthen our facility Cyber Security posture and reduce the risk of future compromises, we will be changing the SDCC/RACF password policy to comply with newer best practices, as specified in NIST's Digital Identity Guidelines for Authentication (NIST800-63B).

You may use the new web interface for changing passwords. Your current SDCC/RACF user name and password are required for access.

As before, password changes are also possible on the ssh.sdcc.bnl.gov gateways using the passwd command. Password changes are not allowed on cssh.rhic.bnl.gov gateways. Excessive gateway login failures (e.g., multiple incorrect password entries) will result in a temporary login ban; if such a ban occurs, you may need to wait until the ban is automatically lifted and you can try to log in again.

In summary, passwords must adhere to the following requirements:

  1. The minimum length of all passwords has increased from 8 to 16 characters.
  2. The requirement for multiple character classes (uppercase, lowercase, numbers, and symbols) and password complexity has been eliminated. Multi-word pass phrases are permitted, and encouraged.
  3. Passwords are checked against a list of known compromised passwords.
  4. Passwords will never expire.

Note that all account passwords not updated before Monday, October 12, 2020, have expired. If you did not change your password before this date, or if you don't remember your current password in order to change it, please submit a support ticket in the UserAccounts queue and request to have your account password reset, including your BNL Life or Guest number in the request in order to expedite the process.

Your SDCC password is not the same as your SSH Key passphrase.