One of the most prominent threats to our networks and the sensitive data transmitted comes from legitimate users …us! Strong passwords are the most important cog in our security plan. We have access to many systems and sensitive information to do our jobs. However, many of us have never changed our passwords. For those who have, many use the names of pets, sons and daughters, or other words associated with our lives. Some use the word ‘password’ within their password. And others keep their passwords taped under their keyboard or on a piece of paper in their drawer. That’s like putting a key under the flower pot outside the front door of Fort Knox.
While these are all very logical, personal coping mechanisms, these are often the cause of security breaches. Any miscreant intent upon hacking into, say, the student information system, would look up a number of employee names, find their birth dates, scoop some information on immediate family members and pets, and then get down to business. It probably wouldn’t take long to find a match with some of the password cracking tools available. At that point, they might have access to sensitive data, grades, or worse, maybe pilfer private identity information.
Responsibility for security rests with all of us. To help alleviate the need for multiple PSU passwords, ITS has developed a single sign-on feature to myPlymouth. With one username and password, you can sign in to Banner, WebCT and many other internal sources of information. In the future, we’ll build more into that single sign on, making your life easier, but requiring us to be ever more vigilant in our methods of password management.
The most important thing you can do to heighten our security is to change your password routinely. Every three months is good practice, or at least once a year. Use passwords that include letters and numbers. Avoid names or common words that someone could guess. If you must write them down, avoid writing them next to the associated usernames. Protect them like you would your money and credit cards. Better still, confine them to memory.
And if you do have any keys under the flower pot, lose 'em.
Hi Dwight,
Other than routinely changing my passwords, I believe I'm doing the good things you mentioned above.
However, the last time I changed my "oz" password. I spent a couple of days dealing with hassles because the various systems were only somewhat integrated. You suggested above that they are more integrated now. Can you tell me (us?) what systems will be affected if we make a change to the password throught my.plymouth?
Thanks.
Eric
Eric,
I had a similar experience a while back. But before I suggested this to everyone, I thought I would do it myself.
I changed my password earlier this week. Nearly all of our network systems and applications are tied to the same password file. That system has been improved over the past year. Once you change your password (see myPlymouth home page, Computing Resources, Change Password), a process is kicked off that needs at least 15 minutes so it can update all the appropriate systems, including all OZ accounts.
Since I use Outlook for email, I had to change it there, too. Also my PDA.
The next day I had to validate my password with the Windows login. That was that.
But you raise a good point. The time to do this may not be in the middle of a busy day or week. If now is not a good time, make a note to do it in January when things are a little less hectic. And if you experience problems, just give us a call