Announcements
Posted: Tuesday, July 16, 2019Avoid Being Forced to Reset Your Password
Information Technology Services will force a systemwide reset of employee passwords in October. Why? Research on password security indicates that the old rules for creating passwords (which were based on faulty assumptions) are terribly insecure. Research also indicates that password length leads to security. A long password or passphrase that is meaningful to the user is proving to be the most secure. Read the IT Knowledge Base Article on creating secure passphrases. IT will remind users before forcing the password reset in October.
You can avoid the forced reset in October by doing these two things now:
1. If you haven’t done so already, please follow the steps to register for self-service password reset. Set up your security questions and a backup e-mail address or phone number so that you can reset your password on your own at any time, any day, anywhere.
2. After completing step 1, please review the Knowledge Base article on how to create a secure passphrase. Once you understand how to create a 15-character passphrase, reset your password with no fewer than 15 characters. The only requirement for creating your new password: you must use at least 15 characters.
Once you have completed these steps, your name will automatically be removed from the list of account holders who will be forced to reset their passwords in October.
If you choose not to complete both of the above steps before October, you will be forced to reset your password at that time. If you have not set up self-service password reset functionality (step 1) and forget your password, your only option will be to contact the IT Help Desk during business hours to have your access restored. So, don’t delay; perform the steps above today.
Do Users’ Perceptions of Password Security Match Reality? (PDF, 507 KB)
Measuring Real-World Accuracies and Biases in Modeling Password Guessability (PDF, 1.5 MB)
Wednesday, July 17, 2019
Thursday, July 18, 2019