The Student News Site of University of Arizona

The Daily Wildcat

97° Tucson, AZ

The Daily Wildcat

The Daily Wildcat


    Mandatory password changes to NetID aimed at styming hackers

    What some students may see as a hassle could save their private information.

    All students, faculty and staff with UA NetID’s must change their passwords on a rolling schedule starting Feb. 11.

    The mandate stems from increasing reports of passwords that have been compromised, e-mail accounts broken into and hackers who have gotten inside the campus network though a virtual private network that allows you to connect to the UA from an off-campus computer, said Michael Torregrossa, director of computing services for University Information Technology Services.

    “”We’ve seen several reports where people have gotten in using compromised NetID passwords,”” he said.

    He said UITS is implementing new requirements like this one in hope of keeping hackers at bay.

    NetID passwords are used for a slew of UA student services, including WebMail, Student Link and D2L.

    Students can test the strength of their new passwords before selecting one. Passwords are good for 45, 90, 180 or 360 days based their strength.

    A strong password is greater then eight characters, uses upper and lower case letters, and numbers, special characters or spaces, Torregrossa said.

    He recommends that people use a “”pass-phrase,”” a sentence complete with capitalization, spaces and punctuation.

    With this new system, every student will have to change their password at least once a year.

    “”The reason for periodic changes is that we estimate hacking tools and techniques will continue to advance,”” Torregrossa said. “”So what’s considered strong today might not be strong next year.””

    There has always been a password-strength requirement for NetIDs, but hacking techniques and programs have advanced over the years, Torregrossa said.

    “”What was considered strong six or seven years ago is no longer considered strong,”” he said.

    NetIDs are kept for 18 months after a student or employee leaves the UA.

    If a password isn’t changed by its expiration date, it will expire and the user won’t be allowed to log in.

    Torregrossa said a screen will warn users two weeks in advance that their password is about to expire, and give them a link to a Web page to change their password.

    If they miss the deadline, they will be directed to another page to get a new password based on security questions.

    Since UITS sent out the first message about the change, more than 4,800 people have changed their password, of whom 4,200 selected passwords good for 360 days, Torregrossa said.

    There are approximately 70,000 NetID’s in existence, he said.

    Students must also face one more obstacle after changing their password.

    After Windows XP users change their NetIDs, they need to configure their wireless connection to be allowed back on UA WiFi, Torregrossa said.

    He said the problem should pertain only to XP users, but that workers at the Office of Student Computing Resources have found there can be problems with other operating systems as well.

    “”I don’t know if people know it’ll break their wireless,”” said Garret Picchioni, a computer engineering junior and two-year OSCR employee. “”In reality, (the password-change) affects all operating systems.””

    XP users need to edit their registry to get back on the secure UA WiFi after changing their password, said Saba Tabikh, computing manager of OSCR.

    Students can find instructions on the OSCR Web site,, she said.

    “”We’re here to assist students that have problems,”” Tabikh said.

    OSCR is planning on adding a help page for Windows Vista and Mac users to troubleshoot any problems they may be having accessing UA WiFi, she said.

    As a technician who helps students on a walk-in basis in the OSCR Underground, Room 136 of the Manuel T. Pacheco Integrated Learning Center, Picchioni has seen several computers with puzzled owners.

    “”It can seem overwhelming,”” Picchioni said.

    He said students should deal with the problem themselves based on their comfort level. He called the online instructions “”straightforward,”” but added students should come get help if they feel scared.

    “”The changes are relatively minor,”” he said. “”But it’s an inconvenience, nonetheless.””

    More to Discover
    Activate Search