KSU to require password change

Nate Stuart

Within the next year everyone at Kent State will have to change their FlashLine password – again and again and again.

The first phase of the change is for administrative staff who will have to change their password by August 9.

Passwords will have to be changed once every six months after the first change is made. Kent State is following the Department of Health and Human Services regulations, which require password changes for security.

Keys to a good password

• Your password is bad if it is a word that can be looked up in the dictionary, a name, something commonly known about you (i.e. birthday; type of car; favorite movie, book, or artist; pet’s name; school you graduated from; etc..), written on a sticky note anywhere near your workstation, unknown to anyone besides yourself.

• Guidelines for good passwords: It should be easy for you to remember and hard for anyone else to guess. It should be seven characters or longer. Use a pass phrase. Use a mix of numbers and letters as well as a mix of uppercase and lowercase letters. Use punctuation in the middle of your password.ÿÿ

• In order to change a password go to http://flashword.kent.edu. Step by step directions will then be given. If it is your first time accessing FlashWord then you will be prompted to answer four questions before you can change your password. Accounts that have not had their password changed by the deadline will be blocked. More information about FlashWord can be found at http://helpdesk.kent.edu/flashword.

The second phase will be for faculty during the 2006 fall semester. The third and final phase will be for students sometime during 2007, said Greg Seibert, director of Security and Compliance.

“We’re doing the best job we can to protect your information,” Seibert said.

Because more than 200,000 passwords will eventually be changed (including alumni), the help desk’s workload will increase dramatically. The administrative staff will be given plenty of time to change their password this summer in case problems arise.

Seibert recommends FlashLine users change their passwords three to four times a year. He also recommends that users choose a hard password to remember and write it down on a business card (keep it out of sight in a safe place) instead of using a simple, easy to remember password because it would be easy to guess.

Users can change their password as much as they would like once they have answered the four questions at FlashWord and have changed their password once. Should someone try to manually hack into an account (by going to Flashline’s sign-in page and trying to guess the password) access to the account becomes blocked for 15 minutes after five failed attempts to guess the password.

“It’s hard to gauge the security of a password. Changing your password makes it more secure,” said Dan Roberts, senior systems programmer.

Roberts also said hackers are constantly breaking passwords using hybrid lists generated by computer programs which input millions of pre-calculated passwords in an attempt to match the password and hack into the account.

There are still some concerns by members of the university about having to change their password every six months.

“I’ve got to write it (password) down. I have dozens of them (ranging from) alpha numerical (to) case sensitive. If I have to write them down, it means someone can access them,” said Pearle Bower, senior secretary for the Institute for Cyber Information.

Bower said she understands the need for security, but will have a hard time keeping up with all of the new passwords.

“If we can get them to change their password twice a year, I’ll be extremely happy,” Seibert said.

Contact Technology and Information reporter Nate Stuart at [email protected].