Enterprise Information Technology Services: Home

access and security

MyID Tools and Information

Frequently Asked Questions

Section 1: Password Security Requirements

  1. What is the UGA “MyID”?
  2. Why do I have to change my MyID password to a “strong” password?
  3. What is a "strong" password?
  4. How do I change my MyID password?
  5. How often do I have to change my MyID password?
  6. What happens if I have saved my MyID password in other applications (Outlook, Internet Explorer, etc.)?
  7. Will I be reminded when my password is going to expire? If so, when and how?
  8. What happens if I don’t change my MyID password before it expires?
  9. What are “grace logins”? What is the number of grace logins allowed?
  10. I am a retiree, do I have to set up a secure MyID password?
  11. I'm in charge of a departmental / organizational MyID. Do I have to set up a secure MyID password for this account?
  12. What should I do if we have accounts in our department that multiple individuals access?
  13. I clicked on "Change Password,” but when I try to put in my new password it tells me "The username or password is not valid." What happened?
  14. Is there a comprehensive list of resources and services using the MyID at UGA?
  15. Can you reuse your current MyID password during a password change?
  16. Could you use part of the existing password in the new password?
  17. What should I do if I have questions not covered in this section of the FAQ?

Section 2: UGA Password Policy FAQ

  1. Why is it beneficial to change passwords every 6 months?
  2. Does the UGA Policy Development Process allow for review by constituents?
  3. How does the UGA Password Policy relate to the work that the ID Management Task Force is doing?
  4. Before being ratified, was the policy reviewed by students, faculty, and staff?
  5. Is there a deadline for all UGA systems to be in compliance with the new password policy?
  6. Will exceptions be allowed?
  7. What are exceptions for?
  8. Why are we required to change passwords?
  9. Where can I access the security policy?
  10. What should I do if I have questions not covered in this section of the FAQ?

Q: What is the UGA “MyID”?
A: The UGA MyID is your sign-on name to access online services at UGA, including UGAMail (email), WebCT (online courses), MyUGA (the UGA portal), and other services. Each MyID has an associated password, which you supply along with your MyID to access these online services.

Q: Why do I have to change my MyID password to a “strong” password?
A: Cyberspace is an environment in which there are ever-increasing risks to institutional data and resources. We are also individually at risk to identity theft. The UGA MyID is being used increasingly as the method of authentication to resources that would potentially give an unscrupulous person access to critical institutional resources. Therefore, the UGA password policy was unanimously approved by the University Cabinet and requires that all UGA MyIDs must have a strong password by February 1, 2007. For more details, go to http://myid.uga.edu.

Q: What is a "strong" password?
A: A strong password meets these guidelines:

  1. Is 8-29 characters long
  2. Contains at least one special character (!, $, #, %, <, etc....)
  3. Cannot be a dictionary word

Q: How do I change my MyID password?
A: Follow these steps:

  1. Go to: http://myid.uga.edu and select the "change password" link on the left.
  2. Input your CURRENT MyID and password.
  3. You will be prompted to fill out your secret question and answer pairs (if you haven't already done so).
  4. You will then be allowed to change your password.

Q: How often do I have to change my MyID password?
A: At least once every 6 months from the last time you changed your password.

Q: What happens if I have saved my MyID password in other applications (Outlook, Internet Explorer, etc.)?
A: Although saving passwords in applications is not a recommended policy, you will have to change the password saved in these applications when you change your MyID password.

Q: Will I be reminded when my password is going to expire? If so, when and how?
A: Email notifications will be sent to users whose MyID passwords are about to expire. There will be up to 6 notification emails sent in the month prior to the password expiring. These emails will help remind you to change your MyID password before it expires.

Q: What happens if I don’t change my MyID password before it expires?
A: If you don’t change your MyID password at least once every six months, then your MyID password will expire. Your account will be granted a small number of “grace logins” after the password expires. This will allow for temporary use of your account. After an account’s password has expired and “grace logins” are used, you must change your password to gain access to MyID services again.

Q: What are “grace logins”? What is the number of grace logins allowed?
A: Grace logins allow you to log into MyID resources after your password expires. Users are granted 5 grace logins. Once all 5 grace logins have been used, MyID services will be unavailable to the user until they change their MyID password on the MyID Web site (myid.uga.edu).

Q: I am a retiree, do I have to set up a secure MyID password?
A: Yes, every MyID user has to set up a new, secure password. All users will be required to change their MyID password at least once every 6 months.

Q: I'm in charge of a departmental / organizational MyID. Do I have to set up a secure MyID password for this account?
A: Yes, every MyID user has to set up a new, secure password. All users will be required to change their MyID password every 6 months.

Q: What should I do if we have accounts in our department that multiple individuals access?
A: Every MyID user has to set up a new, secure password. All MyID accounts will be required to change the password every 6 months. It is not recommended that accounts be used by multiple individuals. If you have this need, we recommend that you use LISTSERV discussion lists (http://www.listserv.uga.edu).

Q: I clicked on "Change Password,” but when I try to put in my new password it tells me "The username or password is not valid." What happened?
A: When you click on the "Change Password" link, you need to put in your MyID and CURRENT password.

Q: Is there a comprehensive list of resources and services using the MyID at UGA?
A: There is not a comprehensive list of MyID resources at this time; however, the following systems utilize the MyID for authentication: UGAmail, WebCT, MyUGA, Student Accounts, Parking Services, PAWS wireless access, UGA Site Licensed Software, UGA Food Services, and UGA Health Services. There are many other services and applications across UGA that utilize the MyID for authentication to department resources and services.

Q: Can you reuse your current MyID password during a password change?
A: You cannot reuse your current password during a password change.

Q: Could you use part of the existing password in the new password?
A: Yes, with a recommendation that at least 3 characters be changed.

Q: What should I do if I have questions not covered in this section of the FAQ?
A: Contact the EITS Help Desk: 706-542-3106 / helpdesk@uga.edu.

Section 2: UGA Password Policy FAQ

Q: Why is it beneficial to change passwords every 6 months?
A: Changing passwords periodically limits the amount of time that an attacker can access an account if he/she has guessed a password.
A: Changing passwords periodically makes password guessing harder.
A: An insider with special knowledge about an individual might be able to guess enough passwords to break into his/her account if the password isn’t changed often.

Q: Does the UGA Policy Development Process allow for review by constituents?
A:The UGA Policy Development Process follows the ACUPA Policy Develop Processes with Best Practices. This process allows for review, maintenance, and feedback. This feedback should be directed to the CISO (infosec@uga.edu).

Q: How does the UGA Password Policy relate to the work that the ID Management Task Force is doing?
A: The UGA Password Policy will be a component of the ID Management System. The UGA ID Management taskforce is currently completing their findings and will publish the report in the near future.

Q: Before being ratified, was the policy reviewed by students, faculty, and staff?
A: The UGA Policy Development Process allows input from individuals, groups, students, faculty, and staff. During the development process the following groups were asked for review and input:

  • Office of Legal Affairs
  • Internal Audit Division
  • Office of the CIO
  • Office of the CISO
  • EITS Leadership
  • UGANet
  • ITMF and ITMF IT-Security Committee
  • ITAC-Information Technology Advisory Council
  • Executive Management Team
  • Faculty Council
  • BOR Security Advisory Group

Q: Is there a deadline for all UGA systems to be in compliance with the new password policy?
A: The UGA Password Policy was effective as of December 2006 and covers all UGA systems.

Q: Will exceptions be allowed?
A: While the UGA MyID passwords must be changed by February 1, 2007, the systems that are not authenticated using the MyID, such as unit servers and network devices may need an exception ruling. Exceptions are covered in the UGA Password Policy, section 4.1, “Exceptions for Non-Compliant Systems”.

Q: What are exceptions for?
A: There are two types of exceptions granted:

Temporary exceptions may be granted for systems that are in the process of being made compliant.

A signed memo must be written from the Unit Level Security Liaison or the Domain Name Liaison, to the UGA Chief Information Security Officer. The memo must contain the following information and be formatted as follows:

  1. Must be on unit letterhead
  2. Must be labeled “BUSINESS CONFIDENTIAL”
  3. Must be submitted by either a Unit Level Security Liaison or Domain Name Liaison
  4. Must have all contact information (name, address, school/administrative unit, UGA telephone contact number, and email address)
  5. Must be CC’d to the department head
  6. Must have accurate date and timestamp
  7. Must include system Identification Information (IP_ADDR and system name)
  8. Must include type of information or data stored on the system
  9. Must include whether sensitive or critical data is stored or processed
  10. Must include a statement indicating that this is a request for a temporary exemption to the password policy that includes the anticipated date the system will be made compliant (MM/YYYY)

Note: Any missing information will delay the exception ruling.

This information must be sent to:

Office of the CISO
220 College Ave
Suite 601
Athens, Ga 30602
Or faxed to:

Attention: UGA CISO
BUSINESS CONFIDENTIAL
706-425-3137

Permanent exceptions may be requested for any system that cannot be made to comply with the UGA Password Policy. The UGA Office of the Chief Information Security Officer will process the request for final approval through the Information Technology Security Advisory Council (ITSAC). If, after UGA Password Policy review, there is still disagreement over a decision, it may be appealed to the Chief Information Officer (CIO) and the Chief Information Security Officer (CISO). The decision of either the CIO or the CISO will be final.

A signed memo must be written from the Unit Level Security Liaison or the Domain Name Liaison, to the UGA Chief Information Security Officer. The memo must contain the following information and be formatted as follows:

  1. Must be on unit letterhead
  2. Must be labeled “BUSINESS CONFIDENTIAL”
  3. Must be submitted by either a Unit Security Liaison or Domain Name Liaison
  4. Must have all contact information (name, address, school/administrative unit, UGA telephone contact numbers, and email address)
  5. Must be CC’d to the department head
  6. Must have accurate date and timestamp
  7. Must include system Identification Information (IP_ADDR and system name)
  8. Must include type of information or data stored on the system
  9. Must indicate whether sensitive or critical data is stored or processed
  10. Must include a statement indicating that this is a request for a permanent exemption to the UGA Password Policy.

This information must be sent to:

Office of Information Security
220 College Ave
Suite 601
Athens, Ga 30602

Or faxed to:

Attention: UGA CISO
BUSINESS CONFIDENTIAL
706-425-3137

Q: Why are we required to change passwords?
A: Over time, passwords may be compromised in many ways:

  • Users may share them with friends or coworkers.
  • Users may write them down, and they may then be exposed.
  • Passwords may be guessed, either by humans or security diagnostic software.
  • The servers that house passwords may be compromised, and their passwords acquired by an intruder.
  • The networks that passwords travel between a user's workstation and servers that the user logs into may be compromised, and passwords may be recorded by an intruder during transmission.
  • Users may be tricked into providing their passwords to intruders via a social engineering effort.
  • To limit the usefulness of passwords that have been compromised, a best practice is to change them regularly.

Q: Where can I access the security policy?
A: The complete security policy can be found at http://myid.uga.edu, under the “Policies” section.

Q: What should I do if I have questions not covered in this section of the FAQ?
A: Contact the Chief Information Security Officer: infosec@uga.edu.