Extension Technology and
Computer Services

University of Missouri-Columbia   Extension Technology and Computer Services—ETCS

  July 2002
Vol. 19, No. 3

A Technology Newsletter for Extension Specialists

Computer Terrorism
by John Myers

Hackers are located all over the world, and since we are on the internet, we are accessible. Last week, a person at Caltech in California probed the University System's email system from 7:58 am until 9:02 am. The initial results of this probe locked over half of the email accounts. Users couldn't access their email until their accounts were unlocked. The next day I received a call about missing email. Without asking the user for their password, I made a guess and was able to access their email. Upon further investigation, I found that somehow the messages were deleted between 10:14 am and 10:17 am. It could only have happened in one of three ways: the user deleted the messages; or the user left their computer and email open and someone else used their computer to delete the messages; or a hacker deleted the messages. So we are all at some risk, but here are few ways to keep the risk to a minimum.

One way to protect yourself is to keep your computer up-to-date on critical updates. These are patches to the operating system that hackers can use to gain access to your data. See the Windows Update article in this issue of Inner Circuits for more details on this. Also, make sure your computer has anti-virus software and that it too, is up-to-date.

Your best weapon against hackers is your password. If a hacker knows your username (and they do), and your password, then they have access to everything you have access to. This is why your password is so important. A weak password is a hacker's dream.

So, how do I pick a "good" password? How do I change my passwords? What is the policy on passwords? Later this year, the University will be enforcing a stricter password policy. Here are some guidelines to help you choose a "good" password.

• Passwords should be at least eight characters long.
• Passwords should contain at least one character from each of the following three groups:
  • Letters
  • Numbers
  • Non-alphanumeric such as  !,@,#,$,%,^,&,*,(,),~,<,>,?,etc.

• Passwords should have at least five unique characters
• Passwords should not be words contained in dictionaries
• Your username is a bad password
• Your first, middle or last name in any form is a bad password
• Your license plate numbers, telephone numbers and social security number are bad passwords

I know that these guidelines make it hard to pick a password, but that is what we want. We want to give the hackers a hard time. The best approach I have found for passwords is to use a memorable phrase or sentence, like "I hate this password policy!". If we take the first letter of each word, we've got "Ihtpp!" which is two characters short. Let's insert a symbolic "curse" to make it "Iht&*pp!" which is a "good" password. Hackers are familiar with substitution strategies, so don't take words from dictionaries and substitute the number "0" for the letter "o".

If your email is in the UM-Users domain you can go to http://webmail.umsystem.edu/ and click on "email ID's password" to change your password. If your email is in the UMC-Users domain you can go to https://iats.missouri.edu/passwordchange.html to change your password. Do not use the "Change Password" button when you first start Outlook to change your password.

If you have never changed your password or you have a bad password, I would recommend you pick a good password and change it immediately. Later in the year when the password policy is finalized, processes will be set up to check for weak passwords. If your account is associated with a weak password, your account could be disabled.

© 2005 - Curators of the University of Missouri
DMCA and other copyright information.
All rights reserved.
Contact ETCS