UC Embraces Strong Passwords
by Quinn Shamblin
Soon, the security of central UC systems will be significantly enhanced as the university begins to require strong passwords. Strong passwords are crucial to the protection of sensitive information and systems. It does not matter how strong a protection or encryption may be if the password can be easily guessed or broken.
A strong password uses more than just the standard lowercase alphabet, is not a word found in any dictionary, and is at least eight characters long. A recent audit of passwords in use at UC showed that it has been common for a password to be an English word of only four or five characters. Such passwords can be broken in seconds by freely available password cracking software.
On 29 July, UCit will align with international best practices as we begin requiring any password created or changed on central systems to meet minimum complexity requirements. Each password will need to contain the following:
• At least one lowercase letter
• At least one uppercase letter
• At least one number
• A minimum of eight characters
We recommend that you also include a symbol (@!#$%^&|;:,[] … etc.) in your password, but this is optional.
This change should not affect you on the day we make it. The password you are using at that time will continue to work until it expires normally and you are prompted to change it. At that point, the system will require that you choose a strong password. We highly recommend that you administer your password through the new Password Self-Service (PSS) tool at https://www.uc.edu/PSS.
This affects Exchange e-mail (Outlook), CMS, & Central Login Service (CLS) pages including: One Stop, UC Flex, and all others featuring the graphic:
To see a full list, visit the PSS help page at http://www.uc.edu/infosec/PSShelp.htm.
For tips on selecting a strong password that is easy to remember, please visit http://www.uc.edu/infosec/HowToChooseAPassword.htm
This change joins other recent improvements intended to move the university toward a single password per user. Studies have shown that organizations using a single strong password are more secure than those using different passwords on different systems. Many central systems are already being synchronized so that a change made on one will automatically be made in all the others. Blackboard, Bearcat Online (student e-mail), and EduKey will soon join this list, allowing the majority of users at UC to have a single strong password allowing access to almost every system they commonly use.
|
