The University is now requiring students to change their account passwords annually.
This change is due to “increasing cyber security threats,” according to an email from Information Technology Services sent to the University community April 26.
University community members will be required to change their account passwords once a year, which is less frequently than several other institutions, Chief Information Security Officer Jason Belford said.
“As we were discussing this change, we looked to external companies and other educational institutions where this expiration is already in effect,” Belford said. “Most were requiring users to change the password every 90-120 days.”
Because this short timespan had more impact on users but did not significantly provide additional security their accounts, an annual system was put into place, Belford said.
This change applies only to systems maintained by ITS. Departments such as the Darden School of Business and the McIntire School of Commerce run their own systems and have their own policies about password management.
The new policy was put into place after recent security incidents at the University, Belford said. Multiple external entities reviewed the University’s security systems and suggested that passwords within the system be changed routinely.
Additionally, it is required by most of the legal and regulatory agencies that audit the University, Belford said.
The goal of the policy is to ultimately prevent cyber threats from affecting members of the University community. The University has previously faced cyberattacks originating in China.
“If you pick up any paper these days, you will realize that cyber threats are not decreasing,” Belford said. “To better protect users and data, companies are having to find ways to better address these threats.”
When users change the passwords on their accounts, it’s helping to ensure that they are the only ones using that account. Once a “bad guy” has a username and password for an individual, he could perform tasks such as reading emails and reviewing transcripts, or something more harmful such as sending emails and dropping classes, Belford said.
“By changing the password, it thwarts attempts for a bad guy to try all possible combinations of passwords,” Belford said. “By the time the bad guy would get through his list, the user would have changed the password again.”
Some students welcome the policy changes, especially since the goal is to ensure their accounts are protected.
“I think it’s a good habit to keep changing your password to keep your account secure, so if U.Va. is making us do that, I think it’s fine,” first-year Engineering student Aditi Narvekar said.
However, although the change is viewed as positive, first-year Engineer student Neel Patel said the constant change will eventually become an inconvenience.
“The passwords are like absurdly long and complicated so it’s a hassle, but better safe than sorry,” Patel said.
Students can change their passwords on the ITS website or at password.virginia.edu.
Read More
Honor Committee plans Dorm Talks and finals week initiatives
By Lexie Stadler | 2 days agoIn an effort to enhance student outreach and introduce incoming students to the Honor System, the Committee will reintroduce Dorm Talks in the Fall 2024 semester.
BREAKING: Two fraternities suspended, one terminated after hazing allegations
By Ford McCracken | 2 days agoThe University’s chapter of Pi Kappa Alpha is the founding chapter of the fraternity, which was founded in West Range room 47 in 1868.
From the archives: April 22 – April 28
By Maisy Callahan and Grace Franklin | 2 days agoThose opposed to the Mall feared closing Main St. would create inconvenience and traffic, which would in turn decrease the income made by merchants.
