Mandatory password changes to NetID aimed at styming hackers
By: Cody Calamaio
Issue date: 2/4/08 Section: News
What some students may see as a hassle could save their private information.
All students, faculty and staff with UA NetIDs must change their passwords on a rolling schedule starting Feb. 11.
The mandate stems from increasing reports of passwords that have been compromised, e-mail accounts broken into and hackers who have gotten inside the campus network through a virtual private network that allows you to connect to the UA from an off-campus computer, said Michael Torregrossa, director of computing services for University Information Technology Services.
"We've seen several reports where people have gotten in using compromised NetID passwords," he said.
He said UITS is implementing new requirements like this one in hope of keeping hackers at bay.
NetID passwords are used for a slew of UA student services, including WebMail, Student Link and D2L.
Students can test the strength of their new passwords before selecting one. Passwords are good for 45, 90, 180 or 360 days based on their strength.
A strong password is greater than eight characters, uses upper and lower case letters, and numbers, special characters or spaces, Torregrossa said.
He recommends that people use a "pass-phrase," a sentence complete with capitalization, spaces and punctuation.
With this new system, every student will have to change their password at least once a year.
"The reason for periodic changes is that we estimate hacking tools and techniques will continue to advance," Torregrossa said. "So what's considered strong today might not be strong next year."
There has always been a password-strength requirement for NetIDs, but hacking techniques and programs have advanced over the years, Torregrossa said.
"What was considered strong six or seven years ago is no longer considered strong," he said.
NetIDs are kept for 18 months after a student or employee leaves the UA.
If a password isn't changed by its expiration date, it will expire and the user won't be allowed to log in.
Viewing Comments 1 - 3 of 3
karl
posted 2/03/08 @ 11:45 PM PST
So very strong passwords can be foiled by anyone able to answer the security questions?
Apparently this is an effort to stem affiliated hackers from being able to claim that someone else used their netid to gain access. (Continued…)
Eric
posted 2/04/08 @ 3:40 PM PST
A strong password is one that you have no hope of remembering...especially for those of us who only access the system to re-enroll in benefits once a year (or less). (Continued…)
Dhebsjkb
posted 2/08/08 @ 10:12 AM PST
"styming"????