Password pandemonium: Students find pet peeve in protection

By Laura Fitzgerald, For The Miami Student

Miami University students express annoyance over the commonly misunderstood ritual that occurs every six months to a year - changing their unique Miami password.

Senior Director of Strategic Communications and Planning Cathy McVey said Miami requires students to change their passwords because the information the password protects, such as credit card information and class schedules, is very sensitive.

"Passwords that remain the same over a long time can be more easily hacked," McVey said. "We have the policy because it helps keep your information safer."

According to the IT help website, Miami's password policy requires students to change their password every 180 to 365 days, depending on the strength of the current password. After the 365 day time limit, students have a 14 day grace period to change their password. If the grace period expires, students cannot access accounts such as BannerWeb or myMiami until they change it.

McVey said if hackers do manage to get onto a student's account, they can drop or add classes, steal a student's credit card and bank information or send emails from the student's account.

Fixing damage from a hacker is not easy either, since sometimes students have no way of proving it was not them who made changes to their account.

"It could be a big headache," McVey said. "Things could be fine in the end, but it could be a pain."

While most Miami students agree changing passwords is an inconvenience, students remain divided on whether the policy is really needed.

"It is annoying, but I feel like it's necessary," senior Katie Eagle said.

Other students had a different view on the matter. Senior Austin White said the policy is extremely annoying and completely unnecessary. Junior Taylor Shuey said Miami students should still be required to change their password, just less often.

McVey said hackers can obtain information through computer programs that run thousands of passwords or what is known as "phishing," or fake emails that present an emergency with a student's bank or bursar account and demand a student's password.

Enjoy what you're reading?
Signup for our newsletter

Assistant VP for Security Compliance and Risk Management Joe Bazeley said hackers can even be someone close to the victim, such as an ex-boyfriend or girlfriend, and learn their victim's password because they use it for other sites such as Facebook and other social media sites.

Bazeley said IT services is planning to raise awareness about cybersecurity during National Cybersecurity Awareness Month, taking place this month. IT services will set up a booth on Friday, Oct. 17 to hand out fliers and talk to students about cybersecurity. They also have other awareness events planned at the regional campuses throughout the month.

Bazeley said students can better protect their passwords by avoiding making obvious changes to it, such as simply putting exclamation points or new numbers at the end of it, and instead pick a special character and insert it into the middle of the password.

"It's trying to make it more difficult for someone to guess what your password might be," Bazeley said.

There are also password managing softwares such as LastPass, Keep Pass and Password Safe. The apps generate new passwords and store all of them in one database so the user only needs one password to access the app, Bazeley said.

According to Bazeley, all Miami staff and faculty are also required to change their passwords. Other universities also have similar policies, although the amount of time students have the same password ranges anywhere from 30 to 365 days, depending on the college.

To increase security, Bazeley said Miami has also employed a two-factor authentication method for faculty submission of grades, student tax forms and student refunds. Faculty and students access this system through a base password and a code that changes every minute.