INFORMATION TECHNOLOGY
Information Security is Increasingly Important
All of us who rely on technology keep vast quantities of information
and data, both business and personal, on our desktop computers and university
servers. Passwords are the most common method of validating digital identities,
and they control the ability to access this information. As more and more
interaction occurs over the campus network, password security becomes
critical to campus operations. Loss of password security can open the
door to vast personal and institutional damage.
Why should you care if your personal password is compromised? Once another
person has your password, as far as campus systems are concerned, he or
she is you and has assumed your privileges to access campus computing
resources. This applies to all e-mail communications. With the Web portal
implementation this year, access will apply to a host of campus interactions,
including registration and grades. If you use the same password for personal
online business, you may find that others have access to your bank account
or favorite online sales site.
Recognizing that password control is key to data security, Information
Resources has been instituting changes to make it more difficult to steal
a password. Last spring the campus increased security for student and
financial data on the IBM mainframe by implementing a new password policy,
and this fall will implement improved security for passwords on NT servers
and e-mail platforms.
The new policy will require longer passwords, more frequent changes (at
six-month intervals), inability to reuse passwords, revoking identification
after repeated failed password attempts, and signing off users after a
period of inactivity. In order to ensure help desk staff are available
to answer questions, enhanced password control implementation will be
completed in incremental groups.
The first group's old passwords expired Sept. 24. Beginning two
weeks before the expiration date, Windows NT and Windows 2000 users received
system-generated messages each time they logged into their computers,
letting them know when their passwords would expire. Windows 95/98 and
Macintosh users got three e-mail reminders before current passwords became
unusable.
Keeping passwords secure is more than a technical problem. Leaving your
password lying about on a scrap of paper or sharing it with others is
like leaving the door to your house unlocked with a sign that says, "come
on in." The choice of words used for passwords can also be a security
concern as password-cracking programs can easily crack dictionary words
and common names. Strong password security is effective only if a password
is needed to access a computer, so good practice for keeping your desktop
secure includes setting your machine to lock after 10–30 minutes
of no use.
Note: Information on implementing the new password policy can be found
on the User Services Web page www.csuchico.edu/usrv, and personal assistance
in the password-changing process is available at designated times. (Visit
training.csuchico.edu to see the scheduled times.) Faculty and staff can
also contact the User Services help desk at x6000.
Bill Post, Vice Provost for Information Resources (interim)