University of Hartford Computer Security Series - Part I

Your network password - the first line of defense

Computer security in the news
We've all heard the news stories about corporations and universities experiencing data breaches which expose personal data to hackers which could ultimately be used to commit identity theft and fraud. This and future articles will describe how you can help to make computers and data at University of Hartford more secure.

Your password - key to data security
Have you changed your network password lately? If not, you should do so now. If you are a student, your password provides access to your email and your web space. If you are a faculty or staff member, your network password provides access to your email, your web space, your computer, and any data stored on the data center's servers. This data may include private information about you or your students. A strong, secret password is the first line of defense against hackers and data thieves. Regardless of how carefully the University secures its computer servers - your password authorizes you (and your computer) to access the data on those servers. A weak or infrequently changed password puts that data at increased risk of being accessed illegally.

A disturbing trend
Recently, the trend in viruses and hacker tactics has been toward password guessing and stealing. As computers have gotten faster and faster, programs that simply guess every possible combination of passwords, or use a dictionary of common words, can quickly "crack" a password on a computer in a matter of hours -- not days or weeks as it used to take. There has also been a dramatic increase in the number of "keystroke logger" viruses which attempt to steal your password by logging everything you type and transmitting that data to the hacker, or storing it in a hidden file on your PC for the hacker to retrieve through another virus called a "back door" or "trojan" program. Once the attacker has your password, they may use it to exploit your computer, and everything it has access to (including private data on its hard disk, or on servers you are authorized to access), or they may give or sell it to someone else. Your best defense is to change your password from time to time (the University's external auditor recommends every 45-90 days) so that it is less likely to be exploited.

An audit point
The University's external auditor, PricewaterhouseCoopers, has recommended that the University adopt a password change requirement policy for the network ID (similar to that which we already have in the Banner administrative system). The University will implement this policy recommendation soon.

Changing your password
You should change your password now. If you do not change your password by October 1, 2005, your account will be disabled. Changing your password takes only a moment. You may also need to update the password stored in your email program. You can change your password at one of the following links, depending on whether you have a faculty/staff account or a student account:

  • Selecting a password
    For good security, your password must:

    If you use an email program like Outlook Express, Outlook, Eudora, Netscape Mail, Mozilla Thunderbird, etc., at some point (there may be a delay before the new password is updated on your email account), the program will fail to access your email and may prompt you to update your password. Most programs will automatically remember the new password going forward; some may require you to go into the configuration settings for your account to make the change.

    Where to get help
    If you need help changing your password, or updating the password in your email program, contact the Computer Support Line at x5999.