CITES revamps password authentication system

By Paolo Cisneros

Officials at Campus Information Technologies and Educational Services, also known as CITES, have recently revamped their network’s Bluestem system to increase security for users.

Bluestem, a service that allows students and faculty to log in to highly secure Web sites, is the primary authentication service for all three University campuses.

“What it allows you to do is authenticate the fact that you are who you say you are,” said Mike Corn, director of Security Services and Information Privacy at CITES. “If you think of your password as an ID, Bluestem is the service that checks that ID out and makes sure it’s legitimate.”

The changes to Bluestem come at a time when CITES is working to make its password-protected services more manageable and secure.

“This is the Bluestem’s first major face lift in nearly 15 years,” Corn said.

    Sign up for our newsletter!

    “Some of the changes are purely cosmetic, but a very large part of everything we’re doing is being done in an effort to increase security to prevent people from hacking into accounts and that sort of thing.”

    These changes to the CITES systems, however, often go unnoticed by the very people they benefit the most, said Ryan Wildy, junior in LAS and a CITES employee.

    “I worked a little over winter break, and so far I haven’t gotten any comments about the changes, positive or negative,” Wildy said.

    The aspect of the changes that most students have noticed is the new look of the Net ID login page, Wildy added.

    Corn said that although the login page may look different, it will function the same way it did before the changes.

    Some of the less-noticed changes include the new ability for people to access some CITES services by logging in with either their Net ID or their campus Active Directory password.

    “This doesn’t really affect students a whole lot because they don’t really use the Active Directory password,” Corn said.

    “That’s something that’s going to benefit faculty and staff more than anyone else. That flexibility is something departments have been (requesting) for some time now.”

    Such changes, Corn said, are part of CITES’ effort to one day make all of its services available by using a single password.

    “We’re always looking to minimize the number of passwords people have to deal with,” he said.

    He added that CITES offers services that allow members of the campus community to sync passwords – reducing the number they are required to have memorized – as well as a service that allows people to retrieve their passwords should they forget them.

    Corn said that as important as those services are, the primary reason behind CITES’ recent overhaul of Bluestem is to ensure that student and faculty security is consistently assured.

    “We see hundreds of password cracking attempts per day on this campus,” he said. “We don’t have passwords cracked on this campus.”

    CITES password services

    • Password Vault: a program that stores passwords on most any kind of computer. A master password makes an unlimited amount of other passwords available.
    • CITES Password Home Page: allows uses to sync and reset all CITES passwords. passwords.cites.uiuc.edu
    • CITES Guide to Passwords: answers to the most common password questions. cites.uiuc.edu/passwords

    Source: passwords.cites.uiuc.edu