- OIT Home
- Technology Service Catalog
- UCONNECT
- Central Tech Store
- Mobile Central
- Accounts & Passwords
- Wireless and Internet
- Support & FAQs
- Frequently Asked Questions
- Contact the Office of Information Technology
- Contact Technology Resource Center
- Contact Telecommunications
- Streaming Assistance
- Maintenance Schedule
- Improved Security For Passwords At UCO
- Faculty Focus
- Student Resources
- Staff Tools and Resources
- Technology Training
- Technology Resource Center
- Information Security
- Policies, Procedures & Guidelines
- Forms
- Technology Purchases
- Technology Projects
- About OIT
Improved security for passwords at UCO
During the month of March, you will be required to change your UCONNECT password. As part of the strengthened security for passwords, you will then need to change your password every 90 days.
You can change your password at any time, but if 90 days pass since it was last changed, you will be prompted to change it. This will be enforced by using a new alert mechanism on the Home tab of UCONNECT.
Where Can I Find Out More About Strong Passwords?
What Are Strong Passwords?
Passwords will need to follow these rules, to be considered strengthened:
- 8 - 12 characters in length
- Must consist of only alpha and numeric characters, a - z (case sensitive), 0 - 9
- Must contain at least 1 alpha character, a - z, A-Z
- Must contain at least 1 numeric character, 0 - 9
- Must NOT contain special characters, such as @, #, $, %, *, &, (, ), etc.
You were prompted to set up your security questions beginning October 18, 2010. If you have not logged into UCONNECT since that date, you will be required to set up answers to your security questions on your next login attempt.
Security questions will be used for the changing of passwords as needed.
Once this process is in place, if you need to change your password, you will use the online self-service password change utility which presents a choice of security questions or a one-time use email link for password changes. If the security questions cannot be answered and an alternate email is not available, you must visit the Help Desk with a photo ID to change your password.
Why All The Changes Now?
Basically, the university is making these changes to help protect your personal information from Internet hackers. However, under the Federal Educational Rights and Privacy Act, or FERPA as you'll often hear it called, the U.S. Department of Education is also strongly recommending institutions of higher education implement strengthened policies and regulations regarding passwords.
After extensive research on technology "best practices" and "standards" among our peer institutions, Central's Office of Information Technology determined that changing passwords every 90-days was the best solution for the campus community, at this time, to meet FERPA recommendations. As technology advances and new information becomes available, we will review and adjust our policy, as needed, to best ensure the protection of your information.
We understand this is a big change, and it will take some time for the campus community to adjust to the new policy. As such, we have implemented an online Self-Service Password Reset Tool. This will eliminate the need for Help Desk involvement when resetting passwords. This allows the control to be placed in your hands and no longer will your default password be information that can easily be gathered from public Facebook information.
Where Can I Find Out More About Strong Passwords?
For more information about standards, recommendations and other issues related to changing online passwords, see the links below:
Protect Your Password From Misuse
Maximum Password Age
This determines how long users can keep a password before they have to change it. The aim is to force users to change their passwords periodically. Generally, you use a shorter period when security is very important and a longer period when security is less important. You can set the maximum password age to any value from 0 to 999, where a value of 0 specifies that passwords don't expire. Although you might be tempted to set no expiration date, users should change passwords regularly to ensure the network's security. Where security is a concern, good values are 30, 60, or 90 days. Where security is less important, good values are 120, 150, or 180 days. Source: http://technet.microsoft.com/en-us/magazine/ff741764.aspx
Password Best practices
Define password policy so that all user accounts are protected with strong passwords. Source: http://technet.microsoft.com/en-us/library/cc784090(WS.10).aspx
Facebook Security
You forgot your Facebook password again? Or maybe you got your Facebook account hacked because of your easy to guess password? The Facebook password is the one and only thing that is needed to access Facebook. Sure, there is the email or username, but that's easier to guess than the password, right? Someone who knows your Facebook username only needs the password, and boom, they are in and control your account. Guess what those malicious users do most of the time? First, they change the password, so that you will have a harder time logging in. Then they can do all kinds of things, like posting on your wall, removing or adding friends, harassing users or reading private messages. To avoid this, Facebook account owners need to take good care of their password. How can we describe it the best: Think of your password as your wallet. Losing your wallet can have all kinds of consequences, from losing the money in the wallet, to credit card bills and identity theft. Source: http://bestoffacebook.com/category/facebook-security/
Protect Your Password From Misuse
Source: http://www.thesecuritypub.com/security-awareness-topic-1-password-best-practices
Changing And Reusing Passwords
Over time, passwords may be compromised in many ways, including: To limit the usefulness of passwords that have been compromised, a best practice is to change them regularly. A common rule in many organizations is to force users to change their passwords when they log in, every 60 or 90 days. In general, users should be required to change their passwords regularly. The password expiry interval should not be longer than 90 days. Source: http://www.psynch.com/docs/password-management-best-practices.html
100 North University Drive, Edmond, OK 73034 | (405) 974-2000