Security guidance for Melbourne Bioinformatics (formerly VLSCI) users

Background

For any shared facility, the security of all its users' data rests on the choices and actions of the people who use it day to day. To keep your data secure against attackers, it's important that all Melbourne Bioinformatics users choose good passwords and passphrases and never share them with others, even with members of their own project or Melbourne Bioinformatics staff.

Choosing a good password

Internet-connected sites like Melbourne Bioinformatics are under constant attack from hackers trying to guess your password, so picking a strong password is a vital part of keeping your account, and everyone else's, safe here at Melbourne Bioinformatics. That makes knowing what makes a good password really important. In short we advise:

One possible recipe is to pick a few words and glue them together with some numbers and special characters. For instance:

Stage            Text
Initial words    Do Not Use This Text
Final Password   Do2Not4Use6This8Text!

There's a lot of good guidance on picking passwords, including this Google page, this AUSCERT page and this US-CERT page.

Protecting your SSH private keys

SSH keys can be used to authenticate SSH connections instead of passwords. If done correctly they can be convenient and more secure, but if done badly they can seriously compromise your security and that of the systems you use. If you need to use SSH keys to access Melbourne Bioinformatics you need to be very careful with them. We suggest, as a minimum:

Choosing a good passphrase for SSH private keys

SSH is more forgiving about spaces in passphrases than UNIX passwords, so you can happily pick a longer sentence and use it with the same sort of mix of words, numbers and special characters described for passwords above. So this could be a good passphrase (but don't use it!):

This could be a good SSH passphrase for 3 months!