Network ID Password Expiration Documentation

| | | | | | | | | |

Southern Illinois University Carbondale Icon

Network ID Password Expiration Documentation

Implementation date: 9/19/05

The SIUC Network ID is a unique identifier used for SIUC e-mail, the Computer Learning Centers, Library computer access, dialup Internet service, wireless/VPN access, residence hall network access, and other computing services. In order to increase security and provide better protection against password and identity theft, all users must change their password at least every 120 days. Beginning on September 19, 2005, anyone who has not changed their Network ID password in the last 120 days will have their account locked. A locked account cannot be used until it is unlocked and the password change requirement is met.

Changing Your Network ID Password

All users must change their passwords through the use of the Network ID Password Change utility, which is accessible through a "quick link" on the main Information Technology website, http://www.infotech.siu.edu/, or directly from these instructions by clicking HERE.

The password change form has been combined with the advanced functions forms which previously were separate sites of their own. n The password change function is located in the left column of the form, and the otehr advanced functions are located on the right-hand side of the form. The page layout is shown here:

Unlocking a Network ID With an Expired Password

If a password has not been changed in more than 120 days, the account will become locked and cannot be used until the account is unlocked and the password reset.

If a Network ID is locked due to password expiration, the Network ID holder can unlock their account through the password change "quick link" on the main Information Technology website, http://www.infotech.siu.edu/, or directly from these instructions by clicking HERE.

The ID unlock function is the third choice on the right-hand side of the form:

To unlock an ID, the user will need to enter their Network ID and Student or Staff ID (usually the same as the SSN, or it may be an assigned 9-digit ID; do not put hyphens or dashes in the ID number field, only the nine digits of the ID number) in the appropriate form fields, click the check-off item next to the "Unlock expired Password" selection, and click the "Submit" button at the bottom of the right-hand column on the password change form. If the information is input correctly, a response box will inform you that the unlock request has been queued, and that it may take up to 30 minutes to complete the unlock function.

Unlocking your account is only a temporary measure so that you can complete the password change. Unlocking a Network ID does not change the age of the associated password, it will still be expired and subject to being re-locked. You will still need to change the password to prevent this problem from recurring.

If you simply unlock the account and do not change the password, you will be allowed to use your account as before, but only until the next locking session is run on the server. Once you have had your account locked and unlocked more than twice without an intervening password change, the password will be automatically scrambled, you will not be able to use the account again until and unless you come in to the Customer Service Center with your identification card and have it reset manually.

Only Network IDs which have been locked due to password expiration for less than 120 days can be unlocked through this page. Network IDs which remain locked for more than 120 days, or which have been locked for reasons other than password expiration will need to be unlocked by the Computer Support Center. The CSC can be reached at 453-5155, or by email at infotech@siu.edu

These policies are not negotiable and will be applied to everyone; the Customer Service Center representatives with which you will have to deal (in person and/or over the telephone) have no recourse other than following the policies that have been given to them.

On this same form, you can also check the amount of time remaining until password expiration by filling out the ID and account name fields and choosing the "Check Password Expiration" button.

A request to "Check Password Expiration" will automatically generate an email to that Network ID mail account which will include information about the password change dates for the Network ID, including the last password change date.

Frequently Asked Questions (FAQ)

Q: This is a real inconvenience. Why do we have to do this?

A: The State of Illinois Auditor General and SIUC administration has mandated this practice. Password changes are a critical part of keeping your information and computer access secure against attackers. Changing your password regularly will also help safeguard against identity theft. In addition, not changing your password every 120 days will create extra difficulties since your account will be temporarily locked until the password change requirement is met. Therefore, it is in your best interest to change your password a minimum of every 120 days, both to keep everything running smoothly and to protect yourself. If your Network ID is associated with sensitive information, sensitive computer systems, or sensitive data, it would be wise to change the password more frequently.

Q: Why can’t I just use a very simple, easy to remember password?

A: Computer criminals often attempt to guess passwords through automated means. An easily guessed password is much easier to compromise, and places the person at increased risk for other security problems such as criminal invasion of privacy (AKA "Identity Theft").

Q: Why do I have to enter my Social Security Number? Isn’t this dangerous?

A: The Social Security Number is a sensitive piece of data that is used for most students in SIUC's Student Information System (SIS). SIS requires a 9 digit number for an identifier. Students that don't want to use their SSN as their ID number in SIS and other related areas may request a school-assigned student ID through the Records Office in Woody Hall room A-103.

In addition, Information Technology takes measures to ensure the security of SSN/Student ID or other sensitive data and to protect your privacy. That is why the address of all of the Network ID pages contains the "https" protocol identifier, rather than simply "http". The "s" stands for "secure." All of the data on that page is encrypted before it is sent from your computer to our password management servers. You can (and should) verify that this is in fact occurring by simply looking at the small "padlock" icon, usually located at the bottom of your web browser display. (It looks just like a real, physical padlock.) A lock that is closed, or locked, means that the page is in fact encrypted. If the picture shows a padlock with the shackle in the open position that page is not encrypted and should not be used to submit sensitive data over the internet.

Q: If my account gets locked, will my email be deleted?

A: No SIUC email will be deleted due to an account being locked for password expiration.

Q: Will I still receive email if my account is locked?

A: Yes, email will still be delivered to the account, but you won't be able to read it until the account is unlocked and the password has been changed. A locked account does not affect mail forwarding already in place. Forwarded mail will of course be able to be read from the account to which it was forwarded. Only the "@siu.edu" account is affected by the lock.

Q: When changing my password, can I re-use my existing password?

A: No. That would defeat the entire purpose of requiring password changes in the first place. A unique password must be used every time, every 120 days (or less).

Q: Is my Network ID password the same as my Salukinet PIN?

A: No. They are different.

Q: Will I be notified before this process begins?

A: In general, yes. At least two email notifications should be automatically sent to any affected users. The first will be sent one month prior to the change notifying them of the new process and the deadline dates. A second email will be sent the week prior to the change.

Q: Will I be notified when my password is nearing expiration?

A: Yes. An email will be automatically generated and sent 3 weeks, 2 weeks, and 1 week before a password expiration date.

Q: When will the IDs actually be locked?

A: Network IDs with expired passwords will be locked every Monday morning, and possibly at other random intervals during the week as other administrative tasks might require. These other lock procedures might occur for any number of reasons, so it is in your best interest to unlock your account and change your password as soon as feasible to avoid multiple lock events.

Q: Why must I present identification at the Customer Service Center in person?

A: This verification requirement is in place to protect your privacy and confidentiality of your personal information. Identity theft is becoming all-too common. The verification of your identity prior to accessing or modifying your account is not meant to be a burden upon you; rather, it is for your protection.

Q: I've saved my password in my email program/web browser/etc. and no longer remember what it is. What should I do?

A: Talk to the Computer Support Center (CSC) for assistance with this issue. While convenient for the user, saving passwords in a web browser, email client, etc. is a risky practice that increases the chance that your password may be compromised. The CSC can be reached by telephone at 453-5155. Their home page on the Web is http://www.infotech.siu.edu/csc/; or you can reach them by email at infotech@siu.edu.

Q: We are supposed to use strong passwords, and change them often. Doesn't this new measure reduce security since more people will be writing their passwords down?

A: Unfortunately, password management is not always the most convenient thing. Users must ensure that their passwords are hard for others to guess, but easy for them to remember. One suggestion that might be helpful is to use a passphrase. Phrases are generally longer, and easier to remember than a complex string of symbols, characters and letters. Phrases are less likely to be cracked or guessed. For example, a password of "p@ssw0rd" is easier for an attacker to crack than a passphrase of "thisismyp@ssw0rd." (PLEASE don't use either of these examples for your password!) If the password must be written down, take measures to protect what it is written on and ensure that others won't discover it. (A sticky-note on the side of your monitor is NOT a good idea.)

Q: I work for a department at SIUC that has its own mail server (i.e. the School of Medicine or Morris Library). I have my own username/password/email-account on that department mail server. Do I have to change my departmental server password?

A: Not at this time. You would be subject to department level policies. However, if you are using an SIUC Network ID to forward e-mail to a departmental e-mail, or using any other service that depends upon an IT department Network ID, then you must comply with the new guidelines. At some point in the future, consistent password change requirements will most likely be applied campus-wide for all departments.

Q: Where do I go for more information?

A: The first line of support should always by the Computer Support Center (CSC). The CSC can be reached by telephone at 453-5155. Their home page on the Web is http://www.infotech.siu.edu/csc/; or you can reach them by email at infotech@siu.edu.