Password and Account Protection
A user is given a username (also known as a login name) and associated password that permits her/him to access NERSC resources. This username/password pair may be used by a single individual only: passwords must not be shared with any other person. Users who share their passwords will have their access to NERSC disabled.
Passwords must be changed as soon as possible after exposure or suspected compromise. Exposure of passwords and suspected compromises must immediately be reported to NERSC at email@example.com or the Account Support Group, firstname.lastname@example.org.
If you forget your password or if it has recently expired, and you have previously answered your NIM security questions, you can reset your password using the Self-Service Password reset link on the NIM login page (https://nim.nersc.gov - Reset Your NIM Password?). See "Managing Your User Account With NIM" in the NIM User's Guide. If you haven't answered the Security Questions, you will need to call Operations at 800-666-3772, menu option 1, or 510-486-6821 to get a new temporary password (we do not send passwords via email). The temporary password is good for only 24 hours. You should login to NIM with this temporary password, and immediately choose a new password. After about 10 minutes, this new password may be used to login to any NERSC computer.
Passwords for New Users
NERSC must have a Computer User Agreement (CUA) form on file before activating a user's account and assigning a user a password in the NIM system. This form can be submitted online.
Once we have received the form and attached it to your account (assuming that your PI has already requested that you be added to their project repository), you will receive an email with a link that will allow you to set your initial password. This link will expire after 72 hours. If it has expired, you will need to call Operations at 800-666-3772, menu option 1, or 510-486-6821 to get a temporary password. The temporary password is good for only 24 hours. You should immediately login to NIM with this password, and choose a new password. After about 10 minutes, this new password may be used to login to any NERSC computer.
How To Change Your Password in NIM
All of NERSC's computational systems are managed by the LDAP protocol and use the NIM password. Passwords cannot be changed directly on the computational machines, but rather the NIM password itself must be changed:
- Point your browser to nim.nersc.gov and login to nim.nersc.gov.
- Click on the "Change My Password" link at the top left-hand corner of the main page next to the Logout link, or select "Change NIM Password" from the Actions pull-down list in the NIM main menu.
Passwords must be changed under any one of the following circumstances:
- At least every six months.
- Immediately after someone else has obtained your password (do NOT give your password to anyone else).
- As soon as possible, but at least within one business day after a password has been compromised or after you suspect that a password has been compromised.
- On direction from NERSC staff.
Your new password must adhere to NERSC's password requirements.
As a Department of Energy facility, NERSC is required to adhere to Department of Energy guidelines regarding passwords. The following requirements conform to the Department of Energy guidelines regarding passwords, namely DOE Order 205.3 and to Lawrence Berkeley National Laboratory's RPM §9.02 Operational Procedures for Computing and Communications.
When users are selecting their own passwords for use at NERSC, the following requirements must be used.
- Passwords must contain at least eight nonblank characters.
- Passwords must contain a combination of upper and lowercase letters, numbers, and at least one special character within the first seven positions.
- Passwords must contain a nonnumeric letter or symbol in the first and last positions.
- Passwords must not contain the user login name.
- Passwords must not include the user's own or (to the best of his or her knowledge) a close friend's or relative's name, employee number, Social Security or other Identification number, birth date, telephone number, or any information about him or her that the user believes could be readily learned or guessed.
- Passwords must not (to the best of the user's knowledge) include common words from an English dictionary or a dictionary of another language with which the user has familiarity.
- Passwords must not (to the best of the user's knowledge) contain commonly used proper names, including the name of any fictional character or place.
- Passwords must not contain any simple pattern of letters or numbers such as "qwertyxx".
Your login privileges will be disabled if you have five login failures while entering your password on a NERSC machine. You do not need a new password in this situation. You can clear your login failures on all systems by simply logging in to NIM . No additional actions are necessary.