Password Pandemonium

More than 800 students and nearly 100 faculty and staff found their Colgate network passwords useless Monday morning when an Information and Technology Services (ITS) staff member accidentally checked a box invalidating all passwords that had not been changed for more than a year.

ITS workers recognized and reversed the glitch within an hour and a half, but anyone with an “old” password who attempted to log in to the Colgate domain for web access, the Colgate Portal or e-mail during that hour and a half was unable to do so, and their passwords were no longer functional. Those who did not attempt log-in during that time were unaffected.

“The server was in a no-man’s-land,” Chief Information Technology Officer David Gregory said, “[But] the response was swift and most people’s passwords have been reset…ITS staff and SOURCe staff moved aggressively yesterday to resolve individual problems.”

Student Operated User Resource Center (SOURCe) staff were in the office early Monday, handling two or three calls at a time from Colgate domain users as local as Gate House and as far-flung as Spain, as students studying abroad were unable to access their e-mail as well. Junior Stephanie Tubman said that during one hour Monday afternoon approximately 40 such calls came in.

SOURCe workers instructed students coming in to log onto a computer in the O’Connor Campus Center (Coop) computer lab using their old password. The computer would then prompt them to create a new password, which would serve as their password from then on.

For off-campus students and other users without access to a Colgate computer, SOURCe workers completed that process for them from the SOURCe office, changing the password to something neutral until the user could change it to a password of his or her choosing.

ITS employees went to different departments later Monday to troubleshoot problems that professors and other faculty may have been encountering as a result of the morning’s mix-up.

ITS had sent out a blanket e-mail on the evening of September 29 informing all Colgate employees and students that they would be required to change their network/e-mail account password to ensure network security, as per the Committee on Information Technology’s (CIT) strong-password policy.

“This new network security requirement…will be officially enforced on October 2, 2006,” the e-mail read. “All passwords will be forced to change on October 31. Passwords changed after October 2 will not be required to change again.”

The e-mail also provided a link to a web site delineating the standards for a “strong” password, standards which all new passwords would have to meet.

In another e-mail, sent out on Monday at 11:20 a.m., Gregory apologized for the confusion that had taken place.

“Unfortunately, it is very hard to test a campus-wide change such as this without affecting users or to anticipate all the problems that may arise,” he wrote. “Based on the problems that arose and what was learned, we will be postponing the implementation of the Strong Password policy until CIT has had an opportunity to discuss it.”