IT Services encourages student use of multiple, unique passwords
Published: Tuesday, October 9, 2012
Updated: Tuesday, October 9, 2012 03:10
Password safety is a practice that is sometimes easily forgotten in a day and age where everything is computerized and requires a password. However, its importance is as relevant as ever.
“Although we haven’t had a major breach that has affected over 100 people since 2005, we normally see about 30 individual Miami accounts compromised per month.” Joe Bazeley, Information Security Officer at Miami University, said.
A compromised Unique ID password can result in grade, account and financial information being stolen, according to Bazely. However, he offered several easy ways that students can protect their passwords.
“Two of the most common password mistakes students make are having weak passwords and only incrementing them when they need [to be] changed,” Bazeley said.
Bazeley said most students simply choose a normal word, capitalize the first letter and put a number at the end when making their Unique ID password. This makes it easier to guess someone’s password, according to Bazeley.
“This mistake can easily be prevented by using passwords that don’t spell out actual words and can easily be remembered by the student.” Bazeley said.
For example, Bazeley suggests making a password something like “r3dH@wk11” instead of something simple such as “Redhawk11.”
The most common mistake, however, is using the same password for multiple sites, according to Bazely.
“Then, if someone gets your password at one site, they can log in as you at many different sites. So if you use the same password at Facebook and at Miami, if I get your Facebook password then I can go into your Miami account.” Bazeley said.
This can be prevented by simply coming up with a unique, strong password for each account, whether it be at Miami, on Facebook or on an online bank account.
While these tips on creating a password can protect a student’s account, compromised accounts are often due to preventable circumstances, according to Cathy McVey, senior director for Information Technology communication.
“[One example is] if you’re at the library and you login, but walk away,” McVey said. “If you don’t log out before you walk away, anybody can go onto your account. They can use your computer and have access to all your info.”
“Also, one big problem on the internet is ‘Phishing,’” McVey said. “This is where somebody sends an email that claims and looks to be from a trusted source such as Miami University or a students’ bank in order to obtain private account information.”
McVey said neither Miami nor a student’s bank will ever ask for password information. If a student receives an email that asks for such info, the email should be ignored and reported, according to McVey.
While students must take an active role in the protection of their passwords and account info, Miami University also takes several steps to protect students, according to Bazeley.
“Miami systems are configured with what we call the 10-10-10 rule, which means that if a user account enters 10 wrong passwords within a 10 minute period of time that the account will be locked out for 10 minutes.” Bazeley said.
This prevents hackers from using systems that guess your password thousands of times per second until it’s discovered.
Additionally, Miami University has a system that automatically disables spam, which protects students from Phishing attacks, according to Bazeley.
Other preventative measures taken by Miami include mandatory password changes and logout times, according to McVey.
“We also require students to change their password every 180 days,” McVey said. “Sites such a Niihka and Bannerweb automatically log out after 15 minutes of inactivity to ensure that nobody can get onto your computer if you leave it. However, people can still access your account within that time, so it’s important for students to log out before leaving their computer.”