ITS Prepares to Implement New Strong Password Policy March 5

Do you remember Monday, October 2, 2006? Chances are you woke up, brushed the residual weekend junk off your desk, and sat down at your computer to check your e-mail, only to find that your trusty password did not work.

That day, an Information and Technology Services (ITS) staff member had accidentally invalidated the passwords of over 800 students and almost 100 faculty members.

This spring, many Colgate students and staff will again find themselves unable to log in to the Colgate Portal if they fail to change their “weak” passwords before Monday, March 5.

To help protect the security of the Colgate Network, which houses information vital to university faculty, staff, administrators and students, ITS is implementing a strong password policy, urging members of the Colgate community to make their passwords more personal for their own protection.

Information Technology Network and System Administrator Don Rhodes felt that an increase in Colgate’s internet security was necessary after seeing many other colleges fall victim to data breaches over the past five years.

“Student records, employee tax information and salary records are stored on our network. Outside access to any of these things could lead to identity theft,” Rhodes said.

Rhodes is the designer of the new strong password policy.

According to ITS regulations, a strong password is at least 8 characters long and includes both lower and upper case letters, numbers, and symbols of punctuation – e.g., # $ % ^ & * ( ) _+ =.

“A strong password does not include anything found in the dictionary or information such as pets’ names and hometowns,” Rhodes said. “This information is accessible and increases someone’s chances of randomly guessing the password.”

Rhodes and other Colgate ITS employees are bracing themselves for a negative response from students, faculty, and staff.

“It’s a good idea to implement for future classes before the year starts, but Colgate should not put this into effect mid-semester,” junior J.J. Figueroa said. “Besides, I don’t think having a strong password is not going to stop a legitimate hacker from getting into an e-mail account.”

ITS hopes to take action beforehand to minimize the negative impact of implementing the password policy.

“We will send numerous warning e-mails to students at risk of having their passwords inactivated,” Rhodes said.

Nevertheless, Rhodes expects that many of these people will not take heed of the instructions and grow angry at ITS for disrupting their routine.

“People may not like it, but it is our responsibility to protect Colgate’s Internet account security. We view this as the lesser of two evils,” the larger being information and possibly identity theft.

Detailed instructions on how to change one’s password can be found at http://computing.colgate.edu/ChangePW.asp.

Students, faculty, and staff are encouraged to visit the site for the full text of the policy and more information about strong passwords.

The Colgate Helpline, at x7111, will be available to help students, faculty and staff needing assistance.