Students asked to change MyUIndy passwords
By Emmanuel Casillas
Staff Writer
A campaign to get University of Indianapolis students to change their UIndy passwords is being pushed by Information Services. The move came about amidst security issues and hacker problems that have been reported at other college campuses across the country.
The effort to prompt UIndy students to change their passwords is a new idea put into action following talks between Chief Information Officer Jeffrey Russell and the Enterprise Information Technology Committee (EITC), which is made up of members of Indianapolis Student Government, UIndy staff, faculty and deans who identified some of the safety concerns on campus.
“The technology chair of the Technology Committee of Student Government has a spot on EITC, and it was one of that committee’s sub-committees that decided to go about with the password change,” said Indianapolis Student Government President Kevin Dunleavy. “They were doing research into incidents campuses have had nationwide.”
Russell and the EITC decided to adopt a system like what many businesses enforce when it comes to company passwords.
“For the last year they’ve [EITC] been meeting and coming up with one of the biggest issues in safety as it relates to students [student data, faculty data], and it became very apparent to the group that we really need to get a password policy in place,” Russell said.
Such a policy has never been developed at UIndy, and the EITC became aware of the fact that many other campuses were experiencing problems with hacking and identity theft, so a policy of changing passwords periodically has been established.
Students were first notified via e-mail that a password change was recommended. The deadline to change passwords is today, April 23. The policy also suggests coming up with more secure passwords and avoiding generic ones.
“If you took a password like the word love, it takes four-tenths of a second to crack that password. Take a word like L-E-A-D-3-R, so it looks like leader, it takes about four seconds.” Russell explained.
Russell and the EITC hope to have passwords changed campus-wide every six months. Student reaction to this plan was initially resistant.
“The biggest complaint[s] we had were [from] seniors who have to change their passwords a month before graduation,” Dunleavy said.
With the effort to push a change of password upon UIndy students came the task of addressing the SPAM attack that recently has plagued UIndy.
“The SPAM attack is a sort of newer attack that has occurred in the last [month] at universities around the country that specifically targets universities around the country, and it hit our campus en masse,” Russell said. “As soon as it was identified it had hit campus, [a message] went out to students and staff saying DO NOT REPLY TO THIS. What we did to protect this was capture any e-mail that was being sent from anybody on campus back to that address, and we notified Google.”
UIndy passwords can be changed on the UIndy Web site. Students are asked to make sure whatever password is created cannot easily be identified. The UIndy Web site helps to indicate how strong or weak the new password may be.