Many colleges and universities, including Denison, have been dealing with compromised email accounts over the last few weeks. Once compromised, the accounts are being used to send phishing email, which typically leads to an infected computer if the recipient clicks the link in the email. While no school has yet pinpointed a cause for this increase in compromised accounts, the activity highlights a potential weakness for some of us here at Denison – an insufficiently complex password. Someone attempting to crack a password is likely to start with common password combinations first, which is why it is good practice to use a password that contains a certain degree of complexity.
To help combat the ever increasing sophistication of attacks by cybercriminals, we made some updates earlier this year in how password changes for your BigRedID (e.g. doej @denison.edu) are handled, including an increase in the password complexity required during a password change. While many of you have updated your password since that date, we are writing to encourage those of you who haven’t to visit our password change page to update your password. You can change your password by going to the My Apps tab and selecting “Change my BigRedID password” or, search for “password change” within MyDenison. After changing your password, you’ll also have the option to set up a contact via text message or an alternate email address in case you forget your new password later and need to perform a reset.
Things to know about changing your BigRedID password:
- If you change your password from a Denison-owned PC or Mac, we recommend that you restart your computer after the change so that the workstation has an opportunity to synchronize your account. On a Mac you may receive a prompt to update to your Keychain, which will require you to enter your previous password to complete the change.
- If you are off-campus when you change your password on a Denison-owned computer, you will need to use your old password until you return to campus. Your new password will be synchronized with your computer the first time you connect on campus.
- If you have configured your mobile device to receive Denison email, it should prompt you to enter your credentials the next time it attempts an email synchronization
- For eduroam, most devices will prompt you to enter your new credentials. On some devices you may need to “forget” the eduroam wifi profile and then reconnect to it
Tips for creating a strong password:
- It should be 8 to 16 characters long
- It should contain a combination of at least 3 of the following: uppercase letters, lowercase letters, numerals and symbols
- It cannot include common words or names, spaces, angle brackets or control codes
- It cannot contain your BigRedID or D-number
Common password mistakes to avoid:
Cybercriminals use sophisticated tools to quickly crack passwords, but you can make it much harder for your password to be compromised! DO NOT USE THE FOLLOWING:
- Personal identity information that could be easily guessed or discovered online (ex. pet names, nicknames, birth date, address, driver’s license number)
- Dictionary words in any language
- Words spelled backwards, abbreviations, and common misspellings
- Common letter-to-symbol conversions, such as changing “o” to “0” or, “i” to “1” or “!”
- Sequences or repeated characters (ex. 12345678, abcdefgh, 22222222, or adjacent letters on you keyboard such as qwertyui or asdfghjk
If your password doesn’t meet the complexity requirements listed above, please update your password today!
If you have any questions or require assistance, please contact us at the ITS Help Desk at 740.587.6395 or helpdesk@denison.edu.