Authentication and Passwords

New Password Standards

Passwords found on hacked websites are dumped onto Darknet databases nearly every day. Hackers then “look up” encrypted passwords or utilize “brute force guessing” to crack short passwords. To combat these hacking techniques, new industry standards require us to:

  • Use longer, better passwords.
  • Implement multi-factor authentication.
  • Change passwords only when necessary.  

 

Good vs. Bad Passwords

A good password should be easy to remember, yet hard to guess. Passwords that have at least 16 characters in length eliminate about 90% of the “hacked database” passwords as well as the possibility of using a brute force guess attempt. 

When making your new password, try combining several words into a passphrase that has 16 characters. Create a unique passphrase for each website you use (like my.uvu.edu), because reusing the same one for multiple accounts is risky.    Passphrases are simple sentences or word chains based on things that are easy to remember but hard to guess.  examples are “I have owned 5 cars in my life” or using PASSword – “PeachesApplesSugarSalt”.

Bad passwords contain:

  • Information related to you that is easy to look up (like phone number, birth date, license plate number, spouse name, pet name).
  • Dictionary words or phrases from books, films, poems, songs, famous speeches, etc. (in any language).
  • Words with simple methods, such as: using the same word backwards, joining two words, or two words with a punctuation character in between (e.g., Elponitnatsnoc, yenoh, eipragus, yellowtiger, regitwolley, cat?dog, star!search).
  • Numbers in an easy sequence.

If you have trouble remembering passwords, try using a password manager like LastPass, 1Password, or Dashlane. These password managers generate a random password for each visited website. You only need to remember the master password. The tool will generate and keep track of the others.

 

Starting July 1, 2019, UVU will implement an updated set of Password Standards to be enforced when your password expires as follows:

Guideline

Old  UVU Password Standards

Updated UVU Password Standards

Checked against “Hacked/Bad Database”

No

Yes; not allowed if found

Must be changed/Frequency

Yes/Annually or when hacked

No/Only when hacked or found on “Hacked/Bad Database”

Minimum Length

8 characters

16 characters

Upper Case Letters

At least one

At least one

Lower Case Letters

At least one

At least one

Numbers

At least one

Encouraged, not required

Special Characters

At least one

Encouraged, not required

 

When your password expires between now and October 31, 2019, you will need to comply with these new standards. We strongly encourage you to change your password as soon as possible. Keep in mind that it could be the last time that you will ever have to change it. 

Changing Your Password

Checking against the “hacked database” and setting a new password takes less than a minute and can be done as follows:

 1.  To change your password, first login to myUVU. Next, click on your name (upper right), then click the "gears" icon (user settings), and then select the UVU Password Manager. A new tab will open, and you will be prompted to sign in with your UV ID and password. Once you are logged in, click on the Change Password option. It will take you to a screen similar to this one below:

 Change Password screenshot

2.  Type in the new password you want to change to (note that the actual characters will not be displayed, but will be masked by the • symbol).  When you pause typing, the system automatically checks to determine the validity of the password.

 

3.  You will see one of the following prompts (errors are highlighted in blue; valid password prompts are highlighted in pink):

  • New password is too short
  • New password is too obvious (meaning it can be easily guessed or hacked)
  • Password is known to be vulnerable.  Please pick a different password (meaning it was found on the “Hacked Database”)
  • New password does not have enough upper case letters (meaning you must have at least one upper case letter)
  • New password does not have enough lower case letters (meaning you must have at least one lower case letter)
  • Password is the same as the current password
  • Password meets requirements, please type confirmation password (meaning you can then Tab to or Click in the Confirm Password field to continue)

 

4.  Once you have created a password that meets requirements, you must then retype the new password into the Confirm Password field. You cannot copy and paste from the New Password field into the Confirm Password field; it must be typed again. You will see one of the following prompts (unlike step 3, errors are in pink):

  • Passwords do not match (meaning that they are not the same and cannot be confirmed)
  • New password accepted, please click change password (highlighted in orange)

5.  You can then click on Change Password to complete the process or click Cancel to exit without changing the password.

6.  You will receive a confirmation once your password has been successfully changed.

Plan for Campus Rollout

Passwords that are not compliant with the new standards will expire as their “yearly update” time comes up in October 2019. If your password expires, it will be automatically changed to a secure password, which must then be changed with the password reset process when you next sign in to myUVU. If you need further assistance, contact the Service Desk.