Passwords changing for safety

The passwords associated with A numbers or the passwords that are used to sign into Banner, Aggiemail, campus computer labs and other campus systems will be reset Monday, March 10, to a 12-digit temporary passwords which students will have a month to change before the temporary password goes inactive.

The change is coming about because Informational Technology recognizes passwords are being hacked all the time, and with USU passwords only being six characters long, it only takes a hacker about two and a half months to guess your password, said Kevin Reeve, the marketing communication coordinator for informational technology. Even having eight characters in a password instead of six can make a password something like 10 times harder to hack, he said.

“We have people hacking into USU all the time,” Reeve said. “They usually hack into a computer to use that computer to hack others. They are usually caught quickly. There isn’t an awareness that a password can be hacked until it happens, but IT is recognizing this as a problem.”

Bob Bayn, IT security team coordinator, said some programs can guess up to seven passwords per second, when IT detects something out of the ordinary they follow up on the incident. Twenty years ago, passwords didn’t need to be strong because they only had to be kept from a small group of people, but not passwords can be hacked from all the way around the world, he said.

“It is relatively easy to hack some passwords, not giving the most common student pin is 123456 and that is not too far down into the hacker’s dictionary,” Bayn said.

Reeve said USU is “not about to make the 10 o’clock news” with their hacks, but students need to realize people aren’t looking to hack into e-mail. If hackers get into e-mail they can “read something gossipy,” but what hackers really want is to steal an individual’s identity. If a hacker were to get the password to an USU employees account it is even more damaging because banner will let you see their social security number and the bank account where their checks are deposited, he said.

“We are hoping to help people understand the need to create a strong password,” Reeve said. “If I know anything about you and you are using your husband’s name as your password, I am going to be able to guess that pretty easily.”

On March 10 everybody’s password is going to be reset. It is the beginning of spring break, so there will not be a lot of people here, so it won’t be the “end of the world if you can’t get around to changing it right away,” Reeve said. Students will have to know their six-character banner pin, the students will enter their A number, the temporary password and then they will add some challenge questions such as a mother’s maiden name. After students enter their challenge questions and answers students will get a chance to set up their new passwords. If students choose to wait until after the April 10th deadline, they will no longer be able to use their temporary password to get into school systems but the password can still be used to change to a permanent password, he said.

“There is no good time to implement a change,” Reeve said. “We needed to do it soon to protect.”

The requirements for pin numbers starting March 10 include, a minimum of eight characters, a maximum of 16 characters, at least three numbers included in the password, the first character must be from the alphabet and cannot have an A-number in the password. For more information, students can go to password.usu.edu.

-debrajoy.h@aggiemail.usu.edu