Your Password is like a Toothbrush

password
Treat your password like your toothbrush: choose a good one, change it regularly, and don’t share it.

Your UCInetID is your gateway to online services at UCI.  Like a skeleton key, it serves as your single credential for most network services on campus.  Use of a UCInetID and password by anyone other than the owner can result in exploitation of UCI resources, loss of personal and university information, and other potentially severe consequences.

You are responsible for anything done with your UCInetID.  Keep your UCInetID password to yourself.  Don’t share it, don’t keep it in a computer file, and don’t write it down.

IT security is a responsibility we all share.  Many cyber-security breaches begin with an innocent but incautious act.  Let’s all keep UCI safe.

Annual UCInetID Password Change Policy

password

In response to escalating threats to information security, the Office of Information Technology is working on multiple fronts to strengthen protections. One of the steps we will be taking is to require that UCInetID passwords be changed annually.

Your UCInetID is your key to UCI online services. Use of a UCInetID and password by anyone other than you can result in exploitation of UCI resources, loss of personal and university information, and other potentially negative consequences.

There is a plethora of “malware” on the Internet: on web sites, downloaded via email, and on potentially infected public computers. This software often quietly collects passwords for later use by unscrupulous individuals. The longer you use a given password, the greater the chance it may be captured and misused. Changing it periodically helps you insulate yourself before a thief has an opportunity to use it.

Between January and June 2016, we will be incrementally rolling out a process to require changing UCInetID passwords older than one year. You will receive a series of email notifications starting one month before the change is required. Once that month has passed, a UCInetID whose password has not been changed will be deactivated. It will then need to be re-activated via an online process.

Although UCI Google and Office 365 passwords are not yet linked to UCInetID passwords, we recommend that you change all of these annually as well.

We appreciate your support of this new policy and other security initiatives. Given the imperfect protection that passwords provide, we are also working to implement expanded use of “multifactor authentication”. This involves exchanging a token with a smartphone or other device in addition to entering a password when accessing sensitive campus resources.

For additional information on the new password policy, including advice on choosing a good password, please see www.oit.uci.edu/ucinetid/password-policy/. If you have additional questions, please contact the OIT Help Desk (oit@uci.edu, 949-824-2222).

Choosing a Secure Password

password

Choosing a password can be a daunting task. You must choose one that no one can guess but you can remember! Here are some guidelines to help you.

  • When choosing a new password, do not re-use any of your past passwords.
  • Pick a password that has at least 8 characters. Generally speaking, the longer your password is, the more secure it is.
  • Your password should contain at least one alphabetical character (a-z).
  • Passwords are case-sensitive and can have both upper and lower case letters. Using MiXeD case in your password increases its security.
  • Your password should contain at least one non-alphabetical character,which is not the first or last character of the password.
  • Including numbers and punctuation increases the strength of your password.
  • Using a long phrase, up to 63 characters creates a very strong password/pass phrase.
  • Do not use any personal information (name, address, phone number, social security number, UCI employee ID number) as any part of a password.

One helpful technique for choosing a secure password is to think of a phrase you can remember. Take the first letter of each word in the phrase, then change some letters to mixed case or numbers or punctuation. For example, the famous movie line “Louie, I think this is the beginning of a beautiful friendship” could become the password “LItt1tb0abf”.  Note the two capital letters and the two digits.

Group Email – Hints and Tips

mailinglistEmail has become an integral tool for business communications.  However, using email to communicate among a group can be challenging.  Here are some ideas for more effective communication and collaboration within a team or other UCI community.

For small groups and short-term issues, a simple cc: list and “reply all” can get the job done, but when the number of recipients grows, communication becomes disjointed as people reply to different messages in a chain, respond to different drafts of a document, accidentally share comments intended for one recipient to the whole list, and other inefficiencies.

Mailing lists (provided at UCI by the Mailman software) are a convenient method for communication among a large group or interest community.  Lists can be configured to be for announcements only (list members see official postings but cannot reply), moderated (anyone can reply but the list administrator has to approve a reply before it is distributed), or open discussion.  You can request a new mailman list on the OIT Web site.  Administrators can build a list of recipients, or potential subscribers can add and remove themselves from a list as interests change.  Recipients are spared a chain of “Please remove me from this list” email messages which can result from using cc: addressing.

Beyond simple group communications, there are collaboration tools such as UCI Google Groups.  With collaboration software, you don’t have to send email attachments around – teams can work on a single on-line copy of a document together, discussing ideas in email, or attaching comments directly to the document.  Access to the document is tied to membership in the group, so as people join and leave the team, the ability to participate in discussions or change team documents follows in parallel.

If you have questions or wish assistance in using group communication tools, please contact the OIT Help Desk.

 

Update from Windows Services Group

Microsoft Windows
OIT’s Windows Services Group (WSG) provides Windows Server system administration and related application support.  Here are some of WSG’s efforts over the last year.

Windows 7 Migration

As OIT’s Desktop Support has been guiding departments through the transition from Windows XP to Windows 7, WSG has been working behind the scenes to create a productive environment for users, including server support for user profiles (i.e., seeing the desktop and preferences you expect when you log in – at any supported machine), departmental shares (network disk drives), and group policies (such as security features.)

Remote Administration

Remote administration refers to systems that allow for efficient distribution of standardized software and desktop configuration from a centralized location.  WSG has worked with Desktop Support to transition remote administration from LANDesk to BigFix and Microsoft System Center resulting not only in flexible and efficient support for user desktops, but saving UCI tens of thousands of dollars a year.

Lync

WSG has pioneered deployment of Microsoft Lync services for UCI. Lync is a hosted service that lets you connect with others through instant messaging (IM), video calls, and online meetings. Lync is integrated with Exchange so that (for example) free/busy information from your colleagues’ calendars is visible allowing you to see who among your collaborators is available through the work day or to schedule conferences.