The Observer, December 9, 2005
Volume XXXVIII, Issue 13
Case implements new password policy
Beginning Jan. 3, Case network users will be able to change their password to conform to the new password policy and must do so before Feb. 15. After this date, users who have not changed their passwords will be unable to access password-protected network services.
"We're not interested in denying services to anyone. We're interested in protecting everyone. For those who have not changed their password by roughly Feb. 1, we will begin to send them reminder emails encouraging them to do so," Priya Junnar, communications officer for Information Tech-nology Services (ITS) said. "After Feb. 15, people who have not changed their password will not be able to access Case resources that require you to log in with a password, like the Portal, Webmail, and Software Center,"
The concern is that pass-words that are currently in use may be easy to break through guessing or other more soph-isticated means. The new "quality" passwords policy hopes to fix the problem of weak passwords by requiring people to choose passwords that will be much harder to guess or otherwise compromise.
"There's consensus across various industries that the stronger your password, the better protected your infor-mation," Junnar said. "In addition to many hardware-side precautions and systems we are putting into place, we have also launched a public awareness campaign that focuses on information secur-ity. The policy to adapt a robust password for all of our users is integral to our security plan."
Requirements for the new password will be similar to that of current passwords, with a few additions. New passwords will be at least eight characters long, and will need to include a combination of lower case letters, upper case letters, numbers, and punctuation, with at least three of these four categories included. In addition, it must not be or resemble a dictionary word, phrase, or a user's own user ID or name.
Users should follow the directions that will be sent out in an e-mail to change their password. Even if a person already has a password that conforms to the new policy, they will still need to change, or just reenter, their password to show that the password is valid.
For junior Yakov Elizerov, the changes are welcome. "I think it's a good idea, it'll protect a lot of people's privacy and records. And you also avoid potential hackersand scams," Elizerov said.
Others, though, aren't sure if this will achieve the intended goal. "I think that's absolutely absurd. I understand that they want us to do it to be more secure, but is it actually an issue? Are people stealing or guessing passwords? Maybe a better change would be a forced password change once or twice a semester," junior Jenny Kalb said.
At present, ITS does not plan to make regular password changes as a part of their policy.
