Penn State recently began an initiative that will require all those who have Penn State Access Accounts to change their passwords annually. The new password change requirement has been instituted to increase the personal security of Penn State community members and to help protect business, research and academic resources throughout the University.
|
"All individuals who currently have a Penn State Access Account will need to ensure that they change their password at least once every 365 days under this new plan," explained Kevin Morooney, Penn State's newly appointed vice provost for Information Technology. "It's important to change your password often, and it's critical for the University to ensure the greatest security in the community environment."
According to Morooney, although the new yearly cycle may take some getting used to, Penn State will reap significant benefits by participating in the password change initiative. "Beyond the immediate security benefits, making this change will help the University meet guidelines of the federal government's new eAuthentication Initiative (EAI)," he said. "Meeting this requirement will put Penn State in a favorable position in the future as more and more services move into a delivery model that will require strong trust among providers of digital resources—whether it's the government or the private sector."
As part of the new plan, the University has set up a "countdown" deadline of April 2, 2007, at which time all Penn State Access Account passwords will expire, if they have not been changed between August 1, 2006 and April 1, 2007.
"We strongly encourage community members to make their password change right away, if they have not done this recently," added Kathy Kimball, senior director of ITS Security Operations and Services. "If your password expires, it will result in the loss of your connection to the Internet, e-mail, ANGEL and all of Penn State’s network-based resources. Students, faculty, staff and all other Penn State access account-holders need to make this change now to prevent any risk of expiration on April 2."
Under the new plan, account holders will initiate a 365-day expiration cycle each time they change their passwords. This ensures that their passwords will be changed at least once each year. Penn State Access Account holders should visit http://its.psu.edu/password/ to change their passwords and learn about the new initiative.
The Web site has been created to provide information about the password change initiative, plus provide answers to questions on all aspects of Penn State’s password policy.
The University also will be prompting community members to change their passwords in a variety of ways throughout the fall and spring semesters. A University-wide campaign will distribute notices about the plan along with password security tips and suggestions for good digital identity management practices. In addition, when a password is within eight weeks of its expiration date the user will be required by the University's WebAccess system to change his or her password–or he/she will not be able to resume WebAccess privileges. WebAccess provides authentication for the use of many University services such as Penn State WebMail, the Penn State Portal, Web-Based Training, and ANGEL. Students, faculty, staff and other access account-holders who still have not made the change within four weeks of their password expiration date will receive weekly e-mails advising them of the imminent expiration of their passwords and the critical importance of making the change.
Questions and concerns about Penn State's Password Change initiative should be directed to the ITS Help Desks at (814) 863-1035, (814) 863-2494 or toll-free within Pennsylvania at (888) 778-4010.
You should never share your password with anyone, even your closest relative or friend.Your Penn State Access Account is your digital identity at Penn State, no one else's. Your password serves as the key to many electronic services within the University community. Selecting a good password and changing it periodically are important ways to protect the privacy and integrity of your personal information and finances, and can help guard against identity theft. Hackers actively seek out weak passwords they can use to steal services or perpetrate malicious mischief. And it's not just hackers. We have found that in many cases, it is someone's ex-friend, ex-fiance, or ex-roommate who will use passwords to cause trouble or gain unauthorized access to private information. So don't share it with anyone, not even your parents, your best friend, your roommate, or your fiance.
Use strong passwords to protect your computing resources. Follow these rules to create strong passwords:
Note: some characters should not be used; see disallowed special characters listed at http://www.its.psu.edu/password/bestpractices.html#disallowed.
When creating passwords, avoid the following:
