Enterprise Information Technology Services Press Release
The University of Georgia
Athens, Georgia

Monday, December 11, 2006

WRITER: Bert DeSimone, bert@uga.edu, 706-542-5359
CONTACT: Jeff Teasley, jteasley@uga.edu, 706-542-5359

MyID security enhancements scheduled for January - February 2007 implementation

ATHENS, Ga.— The University of Georgia MyID, which is used by students, faculty, and staff to access online services, will be undergoing a security overhaul early 2007. The MyID with associated password is used to access enterprise services, including UGAMail, WebCT, and MyUGA, and a number of departmental services. Due to the widespread use of the MyID at UGA, it was determined that a review be conducted regarding MyID usage.

Many security experts agree that a significant security enhancement is the requirement for strong passwords. Strong passwords include special characters (%, $, etc.), numbers, and no dictionary or easily guessed words.

"Passwords are the first line of defense for users and systems," said Stanton Gatewood, UGA's Chief Information Security Officer. "Passwords should be something easy to remember, but hard to guess."

Along with stronger passwords, MyID users will also be required to set answers to secret questions. These secret question/answer pairs will be used to provide additional verification of a user's identity for security-sensitive Web applications. The University continues to build more Web-enabled applications that rely upon the MyID for access, and the secret question/answer pairs will provide a greater level of security for protecting private information.

The secret question/answer pairs will also be used to reset forgotten passwords.

In addition, and in accordance with a new University policy, MyID passwords will have to be changed every six months.

"The strong password requirements, and the requirement to change passwords, are supported by a new University of Georgia password policy," said Dr. Barbara A. White, UGA's Chief Information Officer and Associate Provost. "The University's administration is committed to information security, and protecting our information assets. The ratification of this policy by University Cabinet is testimony to that commitment."

The password policy that Dr. White is referring to, as well as other policies related to information security, can be found on the Web site for the UGA Office of Information Security:

http://infosec.uga.edu/policies

"The University community has a responsibility to be diligent in protecting its online data, and that protection begins with the use of strong passwords and active protection of passwords by users," said Holley Schramski, UGA Associate Vice President and Controller.

The Controller's Division and other Finance and Administration units are developing more Web-enabled applications, many of which include financial and personal information requiring a high degree of security for access. One such application is electronic payroll advisements (e-stub). These are currently delivered via email but will be accessible on the Web in February 2007. In order to make delivery of this information more secure, users will be required to use both their MyID and secret question/answer pairs to access the e-stub Web site.

The strong password implementation schedule is as follows:

• January 2, 2007—MyID users can begin changing their passwords to comply with the standard. Details regarding this standard are available on the MyID Web site:

  https://myid.uga.edu

  In general, all passwords will have to be at least 8 characters in length, contain 1 or more special characters (!,@,#,$), and contain no dictionary words.

• February 1, 2007—All passwords must be changed between January 2 and Janaury 31. Anyone who has not changed his/her password by this date will not be able to access any services which require the MyID for access.