Change it now
How to change passwords for:
Need help? Contact the IT solution center (294-4000, solution@iastate.edu).
If you have any passwords that are more than six months old, you're putting your online security at risk. If any of those old passwords are connected to university accounts, it makes ISU more susceptible to a constant barrage of cyberattacks.
Chief information security officer David Cotton urges users to change their passwords for all accounts -- on and off campus -- at least every six months, and to make it a habit. It's the focus of IT's password change campaign that launched in April and will continue through the fall semester.
During an internal audit of password ages, information technology staff discovered that a large percentage of user passwords are well beyond the recommended six-month shelf life.
"The university is under constant attack from cybercriminals," Cotton said. "In one day, Iowa State’s network is attacked more than 130,000 times. Our first line of defense is our campus community. Users who change their passwords every six months invalidate the authentication credentials of their old password making it useless, even if a cybercriminal were to get ahold of it."
Build a better password
Short passwords are vulnerable, and using the same password for multiple accounts compounds the security threat. Cotton recommends long, complex and unique passwords for each account, with a mix of characters in each -- uppercase and lowercase letters, numbers and symbols. He said it's best to avoid personal identifiers, such as a family member's name.
"Password generation can be tough, so consider using a passphrase, which is a simple combination of three words or more," Cotton said. "Using a passphrase instantly makes your authentication longer and, therefore, stronger."
The Okta identity and access platform will help alleviate some of the password overload once it's implemented, but that still is months down the road.
Password managers also are useful. The applications store and organize your passwords for easier (and more secure) logins, with just a single password to remember.