UC Davis Information & Educational Technology

UC Davis Cyber-Safety Program: Authentication

If you are a computer user within an academic or administrative department on campus, you may have a Technology Support Coordinator (TSC) who is working to secure your system. Before taking any of the security steps listed below, please check with your TSC.

From the UC Davis Cyber-Safety Program Policy:

"Campus electronic communications service providers must have a suitable process for authenticating users of shared electronic communications resources under their control.

  • No campus electronic communications service user account shall exist without passwords or some other secure authentication system, e.g. biometrics, Smart Cards.
  • Where passwords are used to authenticate users, the password selection method must be configured to prohibit the use of passwords found in common dictionaries or match the account name.
  • All default account passwords for network-accessible devices must be modified upon initial use.
  • Passwords used for privileged accounts must not be the same as those used for non-privileged accounts.
  • All campus devices must use encrypted authentication mechanisms unless an exception has been approved by a senior administrator. Unencrypted authentication mechanisms are only as secure as the network upon which they are used. Any network traffic may be surreptitiously monitored, rendering unencrypted authentication mechanisms vulnerable to compromise."


Information...

What is authentication?
Authentication is the process whereby a computer and/or network identifies a user with a username and password.


Why is this important?
Accounts with no passwords, weak or easily guessable passwords, or default passwords are inherently insecure and are extremely vulnerable to compromise and unauthorized access to confidential data. There are many tools available that can crack a weak password in a short period of time. Following password complexity guidelines greatly increases the time it takes to crack a user password. And because campus users authenticate to departmental and campus resources many times per day - every time email is checked, central calendars accessed, or files are transferred - the possibility of password interception is high. Encrypted authentication makes passwords that are intercepted by malicious users difficult to break. It is also important that administrative passwords be different from those assigned to user accounts, to prevent a malicious user who may have gained access to a user account through various means (e.g., network sniffers, social engineering) from accessing more powerful and privileged accounts. Also, it is recommended that privileged accounts not be used for unprivileged tasks, and vice versa - in other words, those users who have privileged access should have two accounts, one account for performing secure work, the other for everyday work.
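
One way to implement the dictionary and account-name checks that the policy requires of the password selection method, shown as an added example (not UC Davis code). The word list, account names and function names are constructed for illustration, and the check covers only those two rules.

```python
import re

# Constructed sample word list; a real deployment would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "secret", "letmein"}

# Common character substitutions that are undone before comparison.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def strip_affixes(text):
    """Drop leading/trailing digits and punctuation: 'dragon2024!' -> 'dragon'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", text)


def candidate_forms(password):
    """Return the normalized variants of a password that are checked."""
    lowered = password.casefold()
    forms = {lowered, strip_affixes(lowered)}
    forms |= {f.translate(LEET) for f in forms}   # 'p@ssw0rd' -> 'password'
    forms |= {f[::-1] for f in forms}             # reversed spellings
    forms.discard("")
    return forms


def check_password(account, password, dictionary=SAMPLE_DICTIONARY):
    """Return a list of policy violations; an empty list means accepted."""
    if not password:
        return ["empty password"]          # no account without a password
    forms = candidate_forms(password)
    problems = []
    if account.casefold() in forms:
        problems.append("matches account name")
    if forms & dictionary:
        problems.append("found in dictionary")
    return problems


if __name__ == "__main__":
    # Constructed account name and candidate passwords.
    for candidate in ["", "JSmith1", "P@ssw0rd1!", "vexing-Quartz-lantern-92"]:
        print(repr(candidate), check_password("jsmith", candidate))
```

Running the check at password-change time, before the new password is stored, keeps rejected candidates from ever becoming valid credentials.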

Passwords are to be kept confidential and not shared. The UC Davis Acceptable Use Policy prohibits password sharing.

What is UC Davis doing to protect me?
UC Davis offers the Kerberos authentication system to campus technical staff in need of an authentication system for their department:


Please note...

  • The Macintosh OS X Password Assistant rates a user password as it is typed in and points out problems that may lead to an easily breakable password. The Password Assistant is invoked when a user changes a password using the Keychain Access utility within OS X.

Campus sysadmins recommend...