On Oct. 9, the MidAmerica Community received an email from Information Technology Services Manager Mark Leinwetter with information concerning a new password change policy requiring students and faculty to change their password every 90 days and requires more complicated passwords than before.
On Oct. 23, students who had not yet changed their password were locked out of their university account until the change was made. The library was full of students trying to log in, and papers with password change instructions were passed around throughout the day.
While this new policy may seem unnecessary to some students and faculty, Tony Parlato, Network Administrator, explained his reasoning behind instituting the policy.
“We know it’s not exactly convenient,” Parlato said. “But we have the university and security’s best intentions in mind.”
Certain levels of cyber security are required for insurance and liability reasons. MidAmerica, in order to reduce the risk of a security breach, is required to adhere to new and constantly fluctuating standards.
“There are hackers nowadays who can crack any non-complicated password in under an hour,” Parlato said. “If your password is ‘password,’ they will know that in a very short amount of time.”
Mark Lienwetter, Information Technology Services Manager, explained the dangers behind a breach in security. Passwords protect information such as social security numbers, bank numbers, credit card numbers, addresses, and confidential emails sent to or from administrators.
In an article on universitybusiness.com, Barb Freda wrote about the issue of password security at universities and the reasoning behind new requirements.
“Accounting offices now work with banks to allow online tuition and other payments,” Freda said. “This means the school’s security must be as strict as the bank’s.”
The password change policy will help protect the university and members of the MNU community, as the IT department is entrusted with the duty of protecting personal information.
The MNU IT department is also trusted to be in constant preparation to handle new threats before they occur. One of the ways this is happening is by equipping students with good security habits now that will continue into future personal and career lives.
“Policies like ours are the new standard in cooperate America,” Leinwetter said. “When students graduate we want them to already be used to it.”
Leinwetter also stressed the importance of security habits such as not writing passwords down or sharing them with others. The 90 day time limit on passwords is designed to help past documentation or conversation from coming back to haunt students or faculty.
Further measures that will be implemented include a new network refresh in 2016 as well as the installation of second-generation firewalls.
“It’s time for IT organizations to evolve their security to address the needs of today’s computer environment,” an article from Cyren, one of MNU’s cyber security providers, said.
Every year, in order to strive for this kind of adaption, cyber security experts are brought in to diagnose problems and make suggestions to MidAmerica. Leinwetter said the password change policy was one measure highly suggested by these experts as an aid both to current security as well as a preparatory step towards more advanced cyber security in the future.
Other than changing passwords and putting in new firewalls, MNU’s cyber security involves having separate security systems in place for different branches of MidAmerica’s online resources. Many different systems are used to compartmentalize security rather than having all information eggs in the same cyber-basket.
The IT department is also able to look at logs of web access for students and faculty in order to catch any spyware, malware, or viruses that could come from certain sites.
“We define, apply, and enforce acceptable use policies for web use,” Leinwetter said. “All web access at MNU is logged as a tool in place for security.”
Another current security protection in place is the availability of the IT department to address problems being faced by students or staff. Leinwetter encourages anyone facing a problem with changing their password or other potential security issues to email, call or visit the IT department help desk.