As modern technology improves, the need to secure users’ privacy and data grows ever more pressing.
Here at Gonzaga University, one of the ways the institution is seeking to create a safer, more secure online experience for everyone is by making students’ passwords a required 15 characters long.
The new passwords are required to meet a new minimum length of 15 characters, but are now exempt from special character and number requirements. Additionally, these passwords will come without expiration dates.
“Longer passwords are harder for computers to guess, so switching to a 15-character password without requiring special characters, numbers or capitalization decreases the chances of a program guessing your password using brute force methods,” said Ismael Teshome, who works as the Next Gen Tech Bar lead. “Students can select a longer password that they won’t be required to change and remember every four months.”
The change to this new password system has been in the works for some time now, according to Information Technology Services SharePoint Analyst Kara McGinn.
“We started implementing the new password policy this past summer for the incoming freshman class,” McGinn said. “To minimize disruption, we staggered which students had to have the newly enforced 15-character minimum password based on when their password next expired. While many students have already had this policy implemented, all students will have this policy in effect by Feb. 26 when the final group of passwords will expire.”
On any account, remembering any password is hard enough, especially when number and special character requirements are introduced. Further challenging users is the fact that some accounts require one to change their password after a certain period of time has transpired. IT Trainer Chelsea Tau’a believes that eliminating these challenges will actually lead to more secure passwords.
“A common problem is that short and complex passwords are easily forgotten, hard to type and are written down—which eliminates all pretense of security,” Tau’a said. “And when a person is required to change those passwords all the time, they would be more likely to write them down and re-use their favorites. Our goal is for people to have passwords that are very hard to guess (or crack) but are easy to remember and easy to type.”According to Tau’a, a supercomputer — any computer with a with a vastly higher operating speed than the average computer—could potentially hack an 8-character complex password in 7.6 minutes, whereas a 15-character simple password could take up to three years for the same supercomputer to crack. This is because of the drastically increased number of combinations that arise from the extra seven characters, Tau'a said.
“The No. 1 thing to keep in mind about this change moving forward, is that unless ITS suspects the account has been compromised, we won’t be requiring the password to be changed periodically,” said Steven Bjerken, information security engineer.
Students usually have to log into a GU account more than once, which makes typing new passwords when logging in to Office 365, Zagweb and Blackboard an issue for students both on and off campus.
“Most students are stunned at first by the length requirement but are then happy to hear that they won’t have to be changing it in the future,” Teshome said.
In this new era of password security requirements here at GU, the folks at IT have a few tips and tricks for students.
“Make a good passphrase that you can remember that you use only for your Gonzaga account,” Bjerken said.
A passphrase is several unrelated words strung together to make a phrase that meets the character requirements.
“Once you type this in a few times, the unrelated words will be committed to memory,” Tau’a said.
IT Services remains confident that the new changes will continue to produce further security for the online GU experience.
“There has been a noticeable decrease in the total number of compromised accounts,” Bjerken said. “Implementing [Multi-Factor Authentication] was the first step in decreasing this number.”
Hopefully our next 15 keystrokes will represent the next 15 steps in securing our online presence here at GU.