JULY 27 - AUGUST 2, 2005
NEWS
THE UNIVERSITY DAILY KANSAN
3
▼ SECURITY
Updated policy protects privacy
University implements new password policy
BY ADAM LAND
aland@kansan.com
KANSAN STAFF WRITER
To keep campus e-mail accounts secure from ever-evolving computer viruses and hackers, the University of Kansas has begun a new password policy across all campuses.
University students, faculty and employees will need to change their passwords by Sept. 15, said Jenny Mehmedovic, coordinator of information technologies policy and planning.
The University IT department has not had problems with security or privacy yet, said Alison Rose Lopez, public relations and marketing manager for KU informational services.
"This is the best practice," Lopez said. "It's proactive, not reactive."
The policy specifies requirements that new passwords must meet to keep the users' accounts secure.
An article released by the IT
department explained the new policy.
First, new passwords cannot include any part of the user's name, forward or backward. The password should also avoid personal information that can be found out with relative ease, such as family names.
The new password must include seven digits, must have at least one number and have both upper and lower case letters. It must also have at least one special character, such as % or * .
The University also recommends that people change their passwords once a semester to an entirely new password.
The password should also not be a series of numbers, letters or the keys that fall together on the keyboard, such as ASDFG.
The IT department does not want any passwords that are words listed in the dictionary.
Some allowable examples listed on www.security.ku.edu, are iL2eAwPb1, Ucd,yc7 or J,sA&am. Students, faculty
members and employees can find instructions to change their passwords on the site.
The release states that the University will also check passwords randomly and if it cracks or guesses the password, the user will be notified and told to come up with a new one.
Cracking happens when hackers use a program to crack, or gain access, to a password. The IT department's new policy is set up to help combat cracking, Mehmedovic said.
Mehmedovic said changing passwords was only one step of a multifaceted security plan. The IT department plans to implement new firewalls, antivirus software and intrusion detection software, Mehmedovic said.
- Edited by Erin M. Droste