Computer security in the news
We've all heard the news stories about corporations and
universities experiencing data breaches which expose personal
data to hackers which could ultimately be used to commit identity
theft and fraud. This and future articles will describe how you
can help to make computers and data at University of Hartford
more secure.
Your password - key to data
security
Have you changed your network password lately? If not,
you should do so now. If you are a student, your password
provides access to your email and your web space. If you are a
faculty or staff member, your network password provides access to
your email, your web space, your computer, and any data stored on
the data center's servers. This data may include private
information about you or your students. A strong, secret password
is the first line of defense against hackers and data thieves.
Regardless of how carefully the University secures its computer
servers - your password authorizes you (and your computer) to
access the data on those servers. A weak or infrequently changed
password puts that data at increased risk of being accessed
illegally.
A disturbing trend
Recently, the trend in viruses and hacker tactics has
been toward password guessing and stealing. As computers have
gotten faster and faster, programs that simply guess every
possible combination of passwords, or use a dictionary of common
words, can quickly "crack" a password on a computer in
a matter of hours -- not days or weeks as it used to take. There
has also been a dramatic increase in the number of "keystroke
logger" viruses which attempt to steal your password by
logging everything you type and transmitting that data to the
hacker, or storing it in a hidden file on your PC for the hacker
to retrieve through another virus called a "back door"
or "trojan" program. Once the attacker has your
password, they may use it to exploit your computer, and
everything it has access to (including private data on its hard
disk, or on servers you are authorized to access), or they may
give or sell it to someone else. Your best defense is to change
your password from time to time (the University's external
auditor recommends every 45-90 days) so that it is less likely to
be exploited.
An audit point
The University's external auditor,
PricewaterhouseCoopers, has recommended that the University adopt
a password change requirement policy for the network ID (similar
to that which we already have in the Banner administrative system).
The University will implement this policy recommendation soon.
Changing your password
You should change your password now. If you do not
change your password by October 1, 2005, your account will be
disabled. Changing your password takes only a moment. You may
also need to update the password stored in your email program.
You can change your password at one of the following links,
depending on whether you have a faculty/staff account or a
student account:
Selecting a password
For good security, your password must:
If you use an email program like Outlook Express, Outlook, Eudora, Netscape Mail, Mozilla Thunderbird, etc., at some point (there may be a delay before the new password is updated on your email account), the program will fail to access your email and may prompt you to update your password. Most programs will automatically remember the new password going forward; some may require you to go into the configuration settings for your account to make the change.
Where to get help
If you need help changing your password, or updating the
password in your email program, contact the Computer Support Line
at x5999.