http://www.spectatornews.com/media/paper218/news/2005/09/26/CampusNews/Password.Rule.Change.Tightens.Account.Security-998087.shtml By Nathaniel Shuda September 26, 2005 With technology constantly evolving, regulating access to computer-related systems and services with passwords has become widespread. But if a person use a simple password, it could be very easy for someone to hack into his or her system, especially with the use of special programming software designed to seek out patterns in passwords, said Chip Eckardt of Learning and Technology Services. It is for this reason that LTS, along with the university, will require students and faculty to change their passwords to fit criteria that will make their accounts less susceptible to intrusion. The switch will begin Nov. 1. More hackers are surfacing all the time, and accounts already have been compromised in several cases because of easy access to computer accounts, Eckardt said. "We've even had Mac boxes get hacked," he said. "That's been real unusual because ... when you have something like Windows, (which) everybody goes after, it's a common target. But we're even seeing attacks in areas where we've never saw them before." The LTS office plans to send three reminder messages via e-mail to warn users of the change: one informing all university computer users of the change, as well as reminders 10 and three days before current passwords expire. Users who recently have changed their passwords will not have to perform the switch until their new passwords expire in a year, Eckardt said. Those who do not change their password by the time it expires will be prompted the next time they log in and won't be allowed to connect to the system without first changing their password. If users forget their passwords, Eckardt said, they can visit a Web site LTS will create to reset them. The new requirements, however, have some students worried about accessing the university's computer system. "I think it's a good idea, if you could remember your password," freshman Meghan Hamre said. "There's no way I could remember that kind of (password), especially eight (characters) long." Eckardt recommended using a password that has a personal meaning, but not something hackers could easily guess. He said Eau Claire's change precedes a possible UW System-wide password policy. "I know the UW System is looking at passing a statewide policy on this, and ours will comply with theirs, but their policy's probably not going to hit for another year," he said. "We're trying to be proactive." -=- Valid passwords will have to meet these minimum requirements: * Must be at least eight characters in length * Must contain characters from three of the following four categories: - English uppercase characters (A through Z) - English lowercase characters (a through z) - Base 10 digits (0 through 9) - Non-alphabetic characters (for example, $, # or %) * Cannot contain significant portions of the user's account name or full name _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Sep 26 2005 - 23:42:13 PDT