In an effort to increase password protection for Penn State Access Account users, Academic Services and Emerging Technologies (ASET), a service unit of Information Technology Services (ITS), upgraded its File Transfer Protocol (FTP) server ftp.personal.psu.edu on June 1, 2002 to provide for "secure-only" file transfers. This means that Penn State's academic computing users are no longer able to use popular FTP software such as WS_FTP for Windows and Fetch for Macintosh, to transfer files to their respective Penn State Access Account (PASS) Storage Space; however, a variety of alternatives have been established to help Penn State faculty, staff, and students make the transition from current file transfer methods to more secure options.
The increase in security measures stems from the tendency for many kinds of FTP software to present passwords "in the clear." This means that passwords are vulnerable to network eavesdropping by unscrupulous individuals in search of "userids" and passwords, giving them the ability to gain unauthorized access to servers and systems. Due to this vulnerability, students, faculty and staff should be aware that it's possible for an individual to obtain their Penn State Access Account userid and password and assume their identity.
How can Penn State's community of computer users update Web pages and files without risking security compromise? Fortunately, alternatives have been created to make file updates to Personal, Course, or Departmental Web pages easy and secure.
For a list of alternatives and more information, please see http://cac.psu.edu/news/alerts/ftp_announce.html .