Every semester, the passwords that students and staff use to access the K-State network change.
This semester added some layers of complexity, which provide extra security for all network users. One added layer is the need to change the password settings on all electronic devices that are synced with the network. However, despite the email reminders, the changeover is still largely unfinished. As of this past weekend — just days before the Feb. 8 deadline — less than 50 percent of registered users had completed the reset.
Harvard Townsend, the chief information security officer at K-State, said that resetting passwords is important both for keeping K-State email accounts secure and keeping the network free of spam.
“K-State requires the password change in order to limit the amount of time someone can cause harm if it is stolen,” Townsend said. “This could happen if it is stolen by hackers via phishing scams or compromised computers. It can also happen if you share your password with another person even though it’s against K-State policy to do so.”
However, as Townsend pointed out, it is important to note that there is a difference between the annoyance of spam and phishing scams, a specific type of spam that is malicious in intent.
“Generic spam is not a problem,” Townsend said. “It’s a specific type of spam — it’s phishing scams targeting K-State users trying to steal their eID and password.”
While most are familiar with phishing scams, as K-State issues warnings that the university never asks for information via email, a new kind of phishing scam is still catching people off guard.
“We have had several duped by the ‘work at home’ scam,” Townsend said.
Townsend said that K-State students need to respond to the simple and important task of resetting their passwords in order to protect their online accounts.
“About 17,000 registered K-State eIDs have reset their password,” Townsend. “Out of approximately 41,000 active ones, less than half have responded. Most wait to the last minute or miss the deadline and get locked out of K-State Online, Webmail and iSIS.”
Alexandria Powell, sophomore in psychology, said that it was easiest for her to remember to change her password by not trying to remember to do it at all.
“I changed it the first time I saw a reminder in my inbox,” Powell explained.
The other added layer of complexity was a change in password restrictions. The old standards required passwords to have five to eight characters and three different kinds of characters other than lowercase — capital letters, numbers and special symbols.
Now, in addition to the extra three types of characters, the new guidelines requires passwords to have at least 10 characters and at most 30 characters.
The new, more complex requirements make the passwords harder to steal or guess. Since making a new password under the new guidelines, Powell said that her password was stronger than before.
“I think I made a good password,” Powell said. “I tried making it just a name, but the restrictions wouldn’t allow that, so I mixed and changed it up. It was a little hard to remember at first, so I wrote it down. After typing it in a few times, I’ve got it memorized.”
Rebecca Gould, director of the information technology assistance center, had some tips to make a good password.
“Find a phrase that works,” Gould said. “It has to meet the character length requirements. Maybe choose an obscure line from a song, movie or book. Then mix in the other character requirements but don’t do them in blocks.”
Townsend said it is important to remember that all wireless devices are affected by password changes as well. To make sure your synced devices stay connected to K-State, you must change the password settings on all synced devices.
“People who have multiple devices linked to the network should gather all of them up and then make sure to change the password settings on each one,” Townsend said. “If they don’t do that, or if they don’t change their password for their eID, Thursday morning nothing is going to work for them when they try to connect.”
Feb. 8 is the deadline for resetting account passwords. To reset a password, visit eid.k-state.edu.
To change passwords for other wireless devices, go to wireless.k-state.edu/connect and follow the instructions.
For more tips on how to make a strong password, visit k-state.edu/its/eid/faqs_password.html.