Chelsea Langevin – Senior reporter. After two confirmed incidents of stolen CatNet IDs last year, Integrated Technology Services will require Linfield students, faculty and staff to change their passwords by the end of November.
Irv Wiswall, chief technology officer, said ITS developed its new password system last summer after exploring the confirmed cases of CatNet ID theft.
“We suspected that this was happening,” Wiswall said.
When one of the students could no longer login to his CatNet because it had been reset, Wiswall said he knew ITS needed to increase security immediately.
To understand the severity of the case, Wiswall said he used the student’s password to search his ID online. Within seconds, Google posted results of the ID and password on several foreign-language Web sites.
“Anyone who ran across them would have the keys to the kingdom,” he said.
Not only could someone access the numerous library databases that Linfield has contractual arrangements with, he or she could also reset the user’s information, Wiswall said.
“People have become more sophisticated in gathering passwords,” he said.
In response to this growing security threat, ITS will require that Linfield students, faculty and staff change their password every 26 weeks, Wiswall said.
ITS also changed the minimum number of password characters from six to eight, which must include at least one upper case and one lower case letter.
For those who have grown accustom to a single password for all their online memberships, it may be frustrating to create a new, unfamiliar password. However, Wiswall said he advises students to use the same password and change the first letter to capital. When it is time to create a new password, change the second letter to a capital.
Ideally, the best password would be something meaningful and unique, Wiswall said.
Even clever passwords, however, are susceptible to hackers and phishers.
“Some day, passwords will work with something that’s reliable and biometric, like scanning a retina,” Wiswall said.
For senior Cem Kuleli, simply changing a password does not address CatNet’s other security problems.
Kuleli said that Microsoft Exchange compromises security because it requires people to close their browser to log out entirely.
“In a shared computer, this can create a real problem,” he said.
However, Kuleli said he recognizes the importance of creating a secure password.
“If you have some random pattern that doesn’t make sense, the password will be stronger,” he said.
In order to provide enough time for the Linfield population to change its passwords, ITS began notifying the campus with e-mail messages that it will continue to stagger for the next six weeks.
As of Oct. 12, 298 people have already changed their CatNet passwords, Wiswall said.
To change your CatNet password, visit the Linfield home page or the Current Students page, go to the “Quick Links” drop box and click “Change your CatNet Password.”