Expired passwords result in 2,511 students locked

By Meghan Webber

Thousands of University students have been locked out of their student accounts after failing to change their passwords.

At the start of each school year, all University students are required to change their student account passwords. If students fail to change their password, it will expire and their account will be locked.

This makes it impossible for students to access any University site that requires a login, including Compass 2g and the University’s wireless network.

Brian Mertz, chief communications officer at CITES, said the annual password change is required to ensure that students are not constantly reusing the same passwords for all of their accounts in an effort to provide protection in the long run.

As of press time, 2,378 students are locked out of their accounts.

“There will always be students that forget their passwords or didn’t set a new password in the required time and therefore get locked out,” Mertz said in an email. “But this is the first time in my 10 years of working at the University that I can remember CITES actively proactively expiring this many passwords all at once.”

For some students, like Dylan Hendricks, changing passwords is more confusing than it is reassuring.

“I changed my student account passwords after receiving an email informing me to do so,” said Hendricks, a sophomore in DGS. “But when I tried to access my financial aid statements, the new password didn’t work. It was really frustrating.”

In addition to the annual password change, students are also required to change their account passwords when security threats arise.

Most recently, students were asked to change their passwords in April due to concerns over a Heartbleed Bug, an error in technology that protects data on the Internet.

“When news of Heartbleed hit we wanted to make sure that everyone’s information was secure,” said Cynthia Yewdall Thackeray, lead security outreach coordinator with the Office of Privacy and Information Assurance. “Because we couldn’t be sure what passwords might have been affected, we wanted to take the safer than sorry route and have everyone reset their passwords.”

To best protect oneself from vulnerabilities, both Mertz and Thackeray recommend having unique passwords for different accounts.

“Hackers know that many people reuse passwords and they take advantage of this. If remembering multiple usernames/passwords becomes hard, we recommend that people use a password manager,” Thackeray said in an email.

Awareness of password changes is necessary to ease frustration for both students and faculty, Mertz said.

“It is important, if at all possible, that students check on the status of their account before the first day of classes,” Mertz said. “Instead of finding out during a crisis that they have been locked out of their account, students should try logging into a CITES service before the start of classes to make sure that their password still works.”

Meghan can be reached at [email protected]