By Jesse Drake, communications specialist for UIT Strategic Communication
Information security is like brushing your teeth: It’s all about good hygiene.
The university’s Information Security Office (ISO) recommends that everyone treat their passwords as they do their toothbrushes – don’t share them with others, and change them when they get old and ineffective.
“Conventional wisdom was that changing your password frequently created greater security, but most experts now agree that a strong password is the most important thing,” said Corey Roach, ISO enterprise security manager.
Roach said that changing your password isn’t necessary if you can guarantee that you:
- Choose a very strong password
- Never use the same password on multiple sites
- Never get your client system infected with malware
- Never get tricked into giving away your password via phishing
- Never use your password where it might be intercepted
- Never use your password on a system that can be “brute-forced” (automated software method of hacking passwords or PINs)
“That said, meeting all those criteria is harder than you might think,” he said.
Curious to know your password’s strength? Enter it into our Password Tester and find out.
If your password isn’t as hack-proof as it could be, you can change it by logging into Campus Information Services (CIS) with your uNID and current password.
- Employees: Select the Change your Password link in the Employee Profile
- Students: Select the Change your Password link in the Update Student Profile
- To reset a password that has been lost, forgotten or expired, visit this page.
For details on creating a secure password, please refer to the U’s password requirements and guidelines (authentication required). The U advises complexity – a combination of letters, numbers and symbols – that you can incorporate into a memorable phrase. After all, forgettable passwords that users jot down on a sticky note and affix to their desks defeat the purpose.
Password sharing at the U is strictly prohibited. Should you fall for a phishing attempt, U security experts advise immediately changing your password and reporting the event to the Campus Help Desk at 801-581-4000, option 1.
If better dental hygiene means brushing twice a day, two layers of security are better than one.
Like it or not, passwords are vulnerable and no longer sufficient on their own. Two-factor authentication (2FA) means confirming your identity by two separate methods, one of which isn’t your password. The second form is something you have physical access to, like a mobile device. Even if a hacker obtains your login credentials, the information is useless without access to the secondary device.
University students, staff and faculty can opt in to use Duo 2FA. To enroll and manage a device, sign in to the Duo self-service app with your uNID and CIS password.
This extra layer of data security helps protect users by ensuring they can safely sign in to applications or websites that run behind the university’s Central Authentication Service (CAS), including CIS, Box and Canvas.
A successful Duo pilot phase began last September as part of a broader effort to enhance information security at the U. A proposal to require 2FA for non-student remote access users is currently making its way through IT governance, according to Subhasish Mitra, associate director for ISO’s Identity and Access Management (IAM) group. The Architecture and New Technology Committee (ANTC) approved the proposal on Aug. 15, 2016, with a November deadline.
University staff and students are also encouraged to take advantage of security measures like biometrics (fingerprints and iris scans) offered by trusted non-university applications and websites, such as financial institutions.