Mandatory Password Change Coming to YSU

Beginning on Sept. 15, Youngstown State University will institute a program that requires password changes to YSU accounts every 180 days.

All faculty, staff and students will be assigned random expiration dates for their passwords that occur between Sept. 15, 2014 and March 15, 2015. As those dates approach, emails will be sent out instructing people to go to a link that will allow them to change their passwords. The first time students and faculty go through the process, they will be required to provide three challenge questions that will be used in the event that they forget their new password.

If a student changes his or her password prior to the expiration date, a new expiration date is generated 180 days following the password change. After changing passwords, students will need to update their information on any devices they use to log into the university’s Wi-Fi.

Ken Schindler, the university’s chief technology officer, said it is a basic safeguard for any institutional computer system.

“This is just bringing us up to best practices,” he said. “This is almost universally being done across the board at every other university in Ohio.”

Randy Ziobert, head of the Tech Desk, said they’ve been testing the program for most of the year.

“We’ve been hammering away at this since February. We rolled this out during SOAR with the SOAR students, and we’ve been using this method almost exclusively to change passwords at the Tech Desk since August,” he said.

There have been several reports recently concerning breaches in security that have resulted in stolen passwords.

In April of this year, an Internet security firm discovered the Heartbleed bug, which allowed hackers to obtain passwords from several prominent websites over the course of two years without being detected.

On Aug. 5, 2014, the New York Times reported that a Russian crime ring had acquired over 1.2 billion passwords from 420,000 websites.

While YSU’s network has not been attacked, events like these have stressed the importance of limiting vulnerabilities.

“One of the simplest forms of security you can have is a regular change of your password,” Schindler said.

Jake Olson, a sophomore at YSU, said he didn’t think the security gains achieved by the system would be significant enough to offset the hassle of changing passwords.

“It’s a definite inconvenience,” Olson said. “I like that they’re trying to keep everything secure, but I’m not for it.”

An email will be sent to all YSU accounts as Sept. 15 approaches to make everyone aware of the change.