[ISN] Password rule change tightens account security
isn at c4i.org
Tue Sep 27 02:10:00 EDT 2005
By Nathaniel Shuda
September 26, 2005
With technology constantly evolving, regulating access to
computer-related systems and services with passwords has become
But if a person use a simple password, it could be very easy for
someone to hack into his or her system, especially with the use of
special programming software designed to seek out patterns in
passwords, said Chip Eckardt of Learning and Technology Services.
It is for this reason that LTS, along with the university, will
require students and faculty to change their passwords to fit criteria
that will make their accounts less susceptible to intrusion. The
switch will begin Nov. 1.
More hackers are surfacing all the time, and accounts already have
been compromised in several cases because of easy access to computer
accounts, Eckardt said.
"We've even had Mac boxes get hacked," he said. "That's been real
unusual because ... when you have something like Windows, (which)
everybody goes after, it's a common target. But we're even seeing
attacks in areas where we've never saw them before."
The LTS office plans to send three reminder messages via e-mail to
warn users of the change: one informing all university computer users
of the change, as well as reminders 10 and three days before current
Users who recently have changed their passwords will not have to
perform the switch until their new passwords expire in a year, Eckardt
Those who do not change their password by the time it expires will be
prompted the next time they log in and won't be allowed to connect to
the system without first changing their password.
If users forget their passwords, Eckardt said, they can visit a Web
site LTS will create to reset them.
The new requirements, however, have some students worried about
accessing the university's computer system.
"I think it's a good idea, if you could remember your password,"
freshman Meghan Hamre said. "There's no way I could remember that kind
of (password), especially eight (characters) long."
Eckardt recommended using a password that has a personal meaning, but
not something hackers could easily guess.
He said Eau Claire's change precedes a possible UW System-wide
"I know the UW System is looking at passing a statewide policy on
this, and ours will comply with theirs, but their policy's probably
not going to hit for another year," he said. "We're trying to be
Valid passwords will have to meet these minimum requirements:
* Must be at least eight characters in length
* Must contain characters from three of the following four categories:
- English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Base 10 digits (0 through 9)
- Non-alphabetic characters (for example, $, # or %)
* Cannot contain significant portions of the user's account name or
More information about the ISN