Password Management

February 5th, 2004 by Adam


Are You Keeping a Key under the Flowerpot?


Dwight Fischer,
CIO

 


    Those of us in the computer industry face
an increasing struggle against viruses and other threats to our networks.
ITS takes this role seriously, to guarantee that computing resources remain
accessible, data integrity is ensured, and privacy of personal information
is protected.

 


    Ironically, one of the most prominent
threats to our networks comes from legitimate users …US.

 


    This reminds me of my parent’s home, which
is locked up tighter than Fort Knox. Locks, deadbolts, and Neighborhood
Watch decals on all the windows and doors…they have it all. Then they put a
spare key under a flower pot outside the door!

 


    At Plymouth we have network ‘firewalls’
protecting PSU from undesirable traffic. Virus protection sits on that same
firewall, screening known viruses before they can infect individual
computers. We have a host of information systems to which we submit
usernames and passwords routinely. All are prudent security measures.

 


    And yet how many of you keep a list of
passwords taped under your keyboard or yellow stickied to a monitor, or a
3×5 card stored in your desk with all your usernames and passwords?

 


    Designated passwords are another issue. Do
you use passwords named after family members, or pets or birth dates? Do you
use the same password for every system you use?

 


    While these are all very logical coping
mechanisms, they are akin to leaving the key under the flower pot. If I was
a miscreant intent upon hacking into, say, the student information system, I
would look up a number of employee names, find their birth dates (anybirthday.com),
scoop some information on immediate family members and pets, and then get
down to business. It probably wouldn’t take long to find a match. At that
point, I would have access to the system to either grab sensitive data or
change a few grades.

 


    Responsibility for security rests with all
of us. ITS realizes that we have far too many usernames and passwords to
remember. Already we’ve taken steps toward simplifying the process. Users
now perform a single sign on to Campus Pipeline which takes them to Banner
and WebCT. In the future, we’ll build more into that single sign on, making
your life easier, but requiring us to be ever more vigilant in our methods
of password management.

 


    Password Management Tips
:
Change your passwords routinely. Every three months is good practice. Use
passwords that include letters and numbers. Avoid names or common words that
someone could guess. If you must write them down, avoid writing them next to
the associated usernames. Protect them like you would your money and credit
cards. Better still, confine them to memory.