New passwords required for Pitt accounts
If “quit procrastinating” is on your list of New Year’s resolutions, Computing Services and Systems Development (CSSD) has a nudge for you — at least as far as computer security is concerned.
CSSD is phasing in a new requirement that faculty and staff change their pitt.edu password at least once every 180 days.
The requirement was implemented last year for students, who now must change their passwords at least once per term, said Jinx P. Walton, chief information officer and CSSD director.
And while CSSD has encouraged faculty and staff to change their passwords frequently, now it will be required — both as a matter of best practices and as an additional layer of security for University computer users.
Walton said that faculty and staff who have not changed their password recently will be the first ones subject to the requirement, which will be rolled out over the course of the spring term.
She said the process is expected to begin in February. Users will be prompted to change their password about two weeks before they will be required to do so. Those who ignore the reminders eventually will find themselves unable to log in to the Pitt system until they complete the password change process.
Walton said passwords must contain at least eight characters and include at least one number and one special character.
Details on password requirements can be found at www.technology.pitt.edu/account/passwords/pass-change.html.
The new requirement is just one of multiple lines of defense when it comes to computer security, Walton said.
She noted that while spam messages now represent a smaller proportion of email messages overall, the percentage of malicious messages has risen.
And computer criminals’ tactics have changed. Rather than targeting executives, they now are aiming for easy marks across organizations in their phishing attempts.
What’s more, she said, phishing emails have gotten more realistic-looking, all in hopes of tricking users into giving up valuable information.
Social networking sites increasingly are being targeted, she said, adding that if an individual uses the same password for social media sites as for banking or other accounts, important information could be at risk should that password be compromised.
“We encourage people not to use the same password for everything,” Walton said.
She acknowledged that remembering multiple passwords can be problematic, but free password management tools are available. Pitt users can access a free download of KeePass Password Safe through the software section at technology.pitt.edu.
The tool allows users to maintain a database of all their passwords, kept secure under one master password. Walton said KeePass is compatible with Mac, Windows and Linux and that a mobile application is available.
—Kimberly K. Barlow