Strong passwords vital for safeguarding confidential student information
People using the new student administrative system are required to strengthen their NetID password to safeguard access to personal and confidential information.
“The technology used to break passwords has evolved and became more sophisticated, so improving authentication practices and incorporating stronger security measures is more important than ever,” says Queen’s information systems security manager George Farah. “A password with 10 characters, no numbers and special characters using only lower-case letters can be compromised in less than 10 seconds.”
PeopleSoft student administrative system users who have access to personal and confidential information must ensure their NetID password meets three requirements. The new password will apply to all NetID-based services.
The strengthened NetID password must be at least 10 characters long and include an alpha-numeric mix as well as one special character. It must be changed every 120 days. And the same password cannot be used for at least five change cycles to ensure that if the account password is compromised, it will not be valid for at least 600 days (five change cycles of 120 days each).
“It’s important you include randomly placed upper case letters, numbers and symbols so that the number of password possibilities is too large for someone to contend with by guessing,” says Mr. Farah.
Changing the password every 120 days helps ensure the password is not valid by the time it is obtained by a breaking program and to prevent personal and confidential information disclosure especially for those who have responded to emails requesting their passwords.
“Anyone who is not required to strengthen their NetID password because they do not use the PeopleSoft web application should still seriously consider adopting these practices for their campus email accounts and other access as recommended on the ITServices security website,” says Mr. Farah.
Because the new student administrative system is a web-based application accessible to anyone in the world who has an Internet connection and a web browser, the pool of people who can potentially access the university’s personal and confidential information is now exponentially greater than it was with the old mainframe system.
ITServices offers guidelines for selecting strong passwords. And the full details of the strengthened password requirement for the new student administrative system can be found online.