Password Security at UCO

Improved Security for Passwords at UCO

To enhance security all UCO faculty, students and staff will be required to change their UCO password every 90 days. 

You may change your password at any time, but if 90 days pass since it was last changed, you will be prompted to change it.  This will be enforced by using a new alert mechanism in UCONNECT.

What Are Strong Passwords?

Strong Passwords should follow these rules:

  • 8 - 20 characters in length
  • Must contain alpha and numeric characters, a - z (case sensitive), 0 - 9
  • Must contain at least 1 alpha character, a - z, A-Z
  • Must contain at least 1 numeric character, 0 - 9
  • May contain special characters, such as @, #, $, %, *, &, (, ), etc.

Should you need to change your password, please use the Online Self-Service Password Change Utility or contact the UCO Service Desk for assistance.

Why Is This Necessary?

The university has implemented these changes to help protect your personal information. However, under the Federal Educational Rights and Privacy Act, or FERPA as it is often called, the U.S. Department of Education is also strongly recommending institutions of higher education implement strengthened policies and regulations regarding passwords.

After extensive research on technology "best practices" and "standards" among our peer institutions, Central's Office of Information Technology determined that changing passwords every 90-days was the best solution for the campus community, at this time, to meet FERPA recommendations.  As technology advances and new information becomes available, we will review and adjust our policy, as needed, to best ensure the protection of your information.

For your convenience we have implemented an online Self-Service Password Reset Tool.  This will eliminate the need for Service Desk involvement when resetting passwords.  This allows the control of your password to be placed in your hands. Your default password will no longer be crafted by information that can easily be gathered from public Facebook information.

More About Password Security

How can I make my password more secure?

  • Don't use passwords that are based on personal information that can be easily accessed or guessed.

  • Don't use words that can be found in any dictionary of any language.

  • Develop a technique for remembering complex passwords.

  • Use both lowercase and capital letters.

  • Use a combination of letters, numbers, and special characters (where allowed).

  • Use different passwords on different systems.

  • Don't share passwords with others.

  • Change passwords regularly.

  • Store passwords in a safe place.

  • Don't leave passwords where others can find them.

What if someone requests my password via email? Any e-mail that requests your password or requests that you to go to a website to verify your password is almost certainly a fraud. This includes requests from a trusted company or individual. E-mail can be intercepted in transit, and e-mail that requests information might not be from the sender it claims. Internet "phishing" scams use fraudulent e-mail messages to entice you into revealing your user names and passwords, steal your identity, and more.

What if I'm using a public computer? Computers such as those in Internet cafés, computer labs, and airports should be considered unsafe for any personal use other than anonymous Internet browsing. Do not check online e-mail, chat rooms, bank balances, or any other account that requires a user name and password. Hackers can purchase inexpensive keystroke logging devices which take only a few moments to install. With these devices hackers can harvest all the information typed on a computer from across the Internet.

What if my password is stolen?  Be sure to monitor all the information you protect with your passwords, such as your bank account statements, credit reports, credit card accounts, etc. Strong passwords can help protect you against fraud and identity theft, but there are no 100% guarantees. No matter how strong your password is, if someone breaks into the system that stores it, they will have your password. If you notice suspicious activity on your accounts that could indicate that someone has accessed your information. Notify authorities immediately.

Details

Article ID: 41992
Created
Fri 11/3/17 12:09 PM
Modified
Fri 4/20/18 4:45 PM