In Brief December 2015

latest news

  • OIT encourages all faculty and staff to log into UCLC and take the UC Cyber Security Awareness Training ecourse.
  • An improved user interface for Webfiles will be introduced during Winter quarter.  Users are invited to log in to the test server, create an account, and test-drive the new version.
  • Users of UCI’s O365 email service should be watching their clutter folder, a new feature intended to reduce junk email.  If this feature is not helpful, you can turn it off in Outlook or OWA under Settings / Mail / Automatic processing.

Your Password is like a Toothbrush

password
Treat your password like your toothbrush: choose a good one, change it regularly, and don’t share it.

Your UCInetID is your gateway to online services at UCI.  Like a skeleton key, it serves as your single credential for most network services on campus.  Use of a UCInetID and password by anyone other than the owner can result in exploitation of UCI resources, loss of personal and university information, and other potentially severe consequences.

You are responsible for anything done with your UCInetID.  Keep your UCInetID password to yourself.  Don’t share it, don’t keep it in a computer file, and don’t write it down.

IT security is a responsibility we all share.  Many cyber-security breaches begin with an innocent but incautious act.  Let’s all keep UCI safe.

Annual UCInetID Password Change Policy

password

In response to escalating threats to information security, the Office of Information Technology is working on multiple fronts to strengthen protections. One of the steps we will be taking is to require that UCInetID passwords be changed annually.

Your UCInetID is your key to UCI online services. Use of a UCInetID and password by anyone other than you can result in exploitation of UCI resources, loss of personal and university information, and other potentially negative consequences.

There is a plethora of “malware” on the Internet: on web sites, downloaded via email, and on potentially infected public computers. This software often quietly collects passwords for later use by unscrupulous individuals. The longer you use a given password, the greater the chance it may be captured and misused. Changing it periodically helps you insulate yourself before a thief has an opportunity to use it.

Between January and June 2016, we will be incrementally rolling out a process to require changing UCInetID passwords older than one year. You will receive a series of email notifications starting one month before the change is required. Once that month has passed, a UCInetID whose password has not been changed will be deactivated. It will then need to be re-activated via an online process.

Although UCI Google and Office 365 passwords are not yet linked to UCInetID passwords, we recommend that you change all of these annually as well.

We appreciate your support of this new policy and other security initiatives. Given the imperfect protection that passwords provide, we are also working to implement expanded use of “multifactor authentication”. This involves exchanging a token with a smartphone or other device in addition to entering a password when accessing sensitive campus resources.

For additional information on the new password policy, including advice on choosing a good password, please see www.oit.uci.edu/ucinetid/password-policy/. If you have additional questions, please contact the OIT Help Desk (oit@uci.edu, 949-824-2222).

Choosing a Secure Password

password

Choosing a password can be a daunting task. You must choose one that no one can guess but you can remember! Here are some guidelines to help you.

  • When choosing a new password, do not re-use any of your past passwords.
  • Pick a password that has at least 8 characters. Generally speaking, the longer your password is, the more secure it is.
  • Your password should contain at least one alphabetical character (a-z).
  • Passwords are case-sensitive and can have both upper and lower case letters. Using MiXeD case in your password increases its security.
  • Your password should contain at least one non-alphabetical character,which is not the first or last character of the password.
  • Including numbers and punctuation increases the strength of your password.
  • Using a long phrase, up to 63 characters creates a very strong password/pass phrase.
  • Do not use any personal information (name, address, phone number, social security number, UCI employee ID number) as any part of a password.

One helpful technique for choosing a secure password is to think of a phrase you can remember. Take the first letter of each word in the phrase, then change some letters to mixed case or numbers or punctuation. For example, the famous movie line “Louie, I think this is the beginning of a beautiful friendship” could become the password “LItt1tb0abf”.  Note the two capital letters and the two digits.

Sites@UCI provided by the Office of Information Technology, University of California, Irvine