Username and password combinations are the most frequently used access control mechanism on campus. It is the primary mechanism for assuring the privacy of your information and preventing others from using your computer account for disruptive, offensive or illegal activities. The goal is to balance security with convenience.
Protecting the University's computer environment and you from abuse are the primary goals of password security. This information and the password guidelines are meant to provide information on the reasoning and methods for governing passwords. They describe some procedures that ICT has instituted to help you protect your computer account from unauthorized use and suggested good practices. This information has been authored with feedback from Security Services and Audit Services.
This information is applicable to everyone who has or is responsible for a computing account at the U of S. This includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides within the University of Saskatchewan environment or has access to the University of Saskatchewan network.
For information on creating a good password, read the password guidelines.
Having a username and password can give you access to many IT services including PAWS, e-mail, Egrades, wireless network, etc. Using your account to access these services is attractive to people who would like to have unrestricted access for activities such as sending large batches of unsolicited e-mail (commonly referred to as "spam"), illegally distributing pirated software, pornography, lists of stolen login/password pairs, running programs to "crack" passwords, or disrupting computer and network operations both here and at other sites.
These events are not just possibilities; they have occurred and continue to happen at the University of Saskatchewan. Dealing with security incidents like these consumes considerable staff time, will involve a criminal investigation and can disrupt computing and network services for everyone in the U of S community. Preventing these events is everyone's responsibility.
Keeping your password secure is your primary method to prevent your computer and/or server account from being used for unauthorized activities and for protecting your data, the network and other systems at the University from abuse. Because of this, ICT has taken many steps to protect passwords on ICT servers:
In spite of these precautions, people who want access to services can often obtain passwords in a number of different ways:
If an account or password is suspected to have been compromised, report the incident to any one of these units: Security Services, Audit Services or the ICT Help Desk
Guidelines are available to help you choose a strong password.
Passwords on many ICT servers are set to expire after they have gone unchanged for a period of time. Password expiration cannot be enforced for some services and it is up to you to change your password frequently. Access to accounts with expired passwords may be restricted. After a password expires, full access to the account may be regained by changing the password. If you forget to change your password before it expires, your account will be locked. Locked accounts cannot be accessed until the ICT Help Desk unlocks them.
These necessary restrictions, partially address two issues:
Many servers believe that someone is trying to maliciously break into your account after several failed login attempts. In this case, the server will automatically lock your account. Once an account has been locked it cannot be accessed, even with the correct password until it has been unlocked.
If you think you may have locked your account, you will need to come in person to the ICT Help Desk. Please bring University issued photo identification along with you.
Posted December 10
Posted November 28
Posted November 25
Posted November 21
More ICT Announcements »