Saturday, August 20, 2005

Windows and MySCSU passwords change

Due to some security concerns, Windows passwords (for logging on to Windows computers on campus) and MySCSU passwords (for the MySCSU portal, southernct.edu, and some course access) are being reset this weekend. Windows passwords were supposed to be reset yesterday (Friday) and MySCSU passwords are being reset on Monday (8/22). According to the HelpDesk website, this will not affect your Banner password, but I think it affects WebCT.

The new passwords must conform to stricter guidelines than the old ones. The new passwords must be (as quoted from the HelpDesk website):
  1. Not contain significant portions of the user’s account name, full name, or current password.
  2. Be at least 8 characters in length.
  3. Contain characters from three of the following four categories:
    1. English uppercase characters (A through Z)
    2. English lowercase characters (a through z)
    3. Numeric characters (0 through 9)
    4. Non-alphanumeric characters (!@#$%^&*-+?)
(Update 8/22: At least the MySCSU passwords seem to require letters, numbers, and symbols. Uppercase/lowercase doesn't seem to matter, since that makes the required 3 types.

Update 8/26: They are now instructing that Windows passwords that follow the same rules as MySCSU passwords: letters, numbers, and symbols. Passwords are case sensitive, but you don't have to use both upper and lower case letters. If you have already chosen a password, you may not have to reset, but follow these rules next time. Passwords also cannot use a part of your name or birthdate. Windows and Banner passwords can be reset from the HelpDesk page, but MySCSU require calling 203-392-5123 or visiting a campus computer lab, such as Buley 314.)

In other words, they must be longer (8 characters or more) and more complex. You will be forced to change passwords every 60 days and will not be able to repeat your last six passwords. So now is the time to come up with several to use when you are unexpectedly unable to get into your email 60 days from Monday.

For all the details, check IT's helpdesk website at http://helpdesk.southernct.edu/index.php?option=com_content&task=view&id=200&Itemid=124

For those who hate choosing passwords, especially "weird" ones like these, here are a few suggestions:
  • Use "l33t speak", the early hacker substitution of numbers for letters. l33t is 'leet or elite.
    • A=4 or @
    • E=3
    • I=1 or ! (also Y when used as a vowel with the long I sound)
    • O=0 (That's "Oh" equals "zero") or ()
    • T=7
    • S=$
    • So "stories" could be written "$70r13$" (This is an extreme example, it would be easier to replace only a few letters. By changing which letters you switch, you can have several passwords from the same word.)
    • You could use this the other way round if you want to use a password like the old default birthdate. Substitute some of the numbers with letters, some capitalized and some not, 1993=!99E.
    • There are more examples on the BBC page linked above.

  • Text messaging has more common substitutions that work well for this sort of password:
    • at=@
    • to=2
    • for=4
    • you=U
    • are=r (also used for any "er", "ar", "or", etc., sound within a word)
    • "ate"=8 (used in any word that contains the sound "ate", like "l8tr" for "later"
    • So the phrase, "my love to you" becomes "my luv 2 U". Combine this with l33t speak and you could use "m!luv2U" (it's only 7 characters, but it does use all 4 of the required types for the new passwords.)
    • Transl8it! has a txt generator. Type your message in and get the txt translation. (It will also go the other way--handy for those who aren't up on their IM/chat slang.)

  • If you really get stuck, there are online password generators that will help you. I can't recommend using this sort of thing for you actual password, because you can't necessarily tell who is legitimate and who is fishing (or phishing) for passwords, but you could use them to get some ideas. Of the ones that came up on the Google search linked above, I like the WebCog Semi-Pronounceable one best. You can just keep clicking the Refresh button until you see one you think you could remember. You will need to capitalize at least one letter or use a "special" symbol to make these work in our new system.
    • If you do use one of these systems to figure out a new password, I would recommend writing down the password (even better, a variation on the password that was generated), closing your browser completely, opening a new browser window and then going to change your password. It may help break the trail between your use of the password generator and where you used the password. Identity theft is a big problem, and you don't want to make it any easier for them to get your information. You might also want to try the Firefox browser, which prevents some of the scripts from running when you visit a "bad" page, like downloading a tracking program so that they see where you go after visiting. (You should already be running a virus checker--students can download McAfee from the MySCSU site--and an adware/spyware remover like Ad-Aware, at least if you use Windows.)
It all sounds really scary now, I know, but by choosing good passwords you can actually lessen your anxiety over being online. If you think about it ahead of time, and have some secure passwords in mind, you won't end up using your dog's name on every website you come across. I have set of passwords that are variations on just a few words, using numbers and symbols to make them different (and I have a "throw away" password for things that don't need a really secure password, like newspaper websites). When I suddenly need a new password, I can use a variation, like changing an A to an @, and still have a chance of remembering it.

1 Comments:

Anonymous Anonymous said...

Hi, R3b3cc@,

I wanted to share another password-generating trick I picked up from the IT folks at my current library gig: taking the first letter (or even 2 letters) from each word of a sentence you make up. So, since I want to move to Seattle, I might use a sentence like "Liberty wants to move to Seattle now." Adding in some numerical substitution, my password would be: Lw2m2Sn. I have found working with sentences to make a big difference in painless but quick password-generation.

Liberty

5:52 PM, August 20, 2005  

Post a Comment

<< Home