Starting Monday, all members of the Syracuse University community with a NetID will be required to change their password at least once a year.

“It’s important that each of us has secure login credentials and one of the most effective ways to protect a system is to make those login credentials hard to crack,” said Chris Finkle, communications manager for the Information Technology and Services.

Thirty days before a password is set to expire, ITS will begin to send each member of the SU community warning emails with instructions on how to change his or her password. People will then have the opportunity to log into MySlice and make the change. If they do not do so before the expiration date, ITS will disable their account, effectively cutting off access to university systems like AirOrangeX, MySlice, SU email and Blackboard. After the expiration date passes, users will only be able to reset their accounts by calling or visiting the ITS office.

Cynthia Hoalcraft is the manager of the Identity Management Team within ITS, which administers the system through which NetID users can change their passwords. She said other institutions have similar measures in place to help protect data saved on the system and, more importantly, limit identity theft.

“Our passwords are proliferated through systems as we use them and the more proliferated they are, the more exposure there is,” Hoalcraft said.

Finkle said university email accounts are often targets of phishing, or spam emails that attempt to obtain personal information from the receiver on a false pretext. He said that changing passwords will help reduce the number of phishing scams because it will make most of the data obtained through phishing obsolete.

“By making everybody change their password, we reduce the vulnerability of our systems by making any password that’s more than a year old no good,” Finkle said.

Hoalcraft said that when ITS sends emails to SU community members saying that they need to change their password, it will not include links in the emails. Finkle said this will help distinguish ITS’s legitimate emails from harmful ones that try to imitate ITS.

Finkle added that many alumni accounts still exist, but are inactive. Disabling accounts will help weed out the alumni accounts that are not in use and, therefore, help to clean out the SU system.

Julie Elliston, a freshman broadcast and digital journalism major, said she doesn’t think there is much of a threat to SU accounts, but that overall she does not mind the change.

“I don’t really see the point in it. I don’t really think that there’s anyone trying to hack our MySlice … but I guess if it’s only once a year then it won’t be that big of a hassle,” Elliston said.

Finkle, the communications manager for ITS, said that based on the feedback they’ve received, most people, like Elliston, are supportive of the change. He said, however, that some members of the community are more resistant.

“There are other people who are just incensed that they’re inconvenienced that they have to go change their password,” Finkle said. “They’re more concerned about the inconvenience of having to remember a password and part of me wants to say I get that, but that’s the price of admission for using all these wonderful tools… you need to protect yourself and you need to protect the institution that you work for or attend.”

Published on November 3, 2014 at 12:01 am

Contact: [email protected]