Password Management

August 29th, 2003 by Adam


Those of us in the computer industry face an increasing struggle
against viruses and other threats to our networks. ITS takes this role
seriously, to guarantee that computing resources remain accessible, data
integrity is ensured, and privacy of personal information is protected.

This reminds me of my parents’ home, which is locked up tighter than
Fort Knox. Locks, deadbolts, and Neighborhood Watch decals on all the
windows and doors…they have it all. Yet they put a spare key under a
flower pot outside the door!

At Plymouth we have network ‘firewalls’ protecting PSU from undesirable
traffic. Virus protection sits on that same firewall, screening known
viruses before they can infect individual computers. We have a host of
information systems to which we submit usernames and passwords routinely.
All are prudent security measures.

And yet how many of you keep a list of passwords taped under your
keyboard or yellow stickied to a monitor, or a 3×5 card stored in your
desk with all your usernames and passwords?

Designated passwords are another issue. Do you use passwords named
after family members, or pets or birth dates? Do you use the same password
for every system you use?

While these are all very logical coping mechanisms, they are akin to
leaving the key under the flower pot. If I were a miscreant intent upon
hacking into, say, the student information system, I would look up a
number of employee names, find their birth dates (anybirthday.com), scoop
some information on immediate family members and pets, and then get down
to business. It probably wouldn’t take long to find a match. At that
point, I would have access to the system to either grab sensitive data or
change a few grades.

Responsibility for security rests with all of us. ITS realizes that we
have far too many usernames and passwords to remember. Already we’ve taken
steps toward simplifying the process. Users now perform a single sign-on
to myPlymouth, which takes them to Banner and WebCT. In the future, we’ll
build more into that single sign-on, making your life easier, but
requiring us to be ever more vigilant in our methods of password
management.

What can YOU do? Change your passwords routinely. Every three months is
good practice. Use passwords that include letters and numbers. Avoid names
or common words that someone could guess. If you must write them down,
avoid writing them next to the associated usernames. Protect them like you
would your money and credit cards. Better still, confine them to memory.

And avoid leaving a key under the flower pot.

Dwight Fischer, CIO
August 2004