- Get help
- Services
- Announcements & alerts
- Service outages
- Security alerts
- Major initiatives
- Using automation to drive efficiency and innovation at 間眅埶AV
- Welcome to the new 間眅埶AV Mail: now faster, secure, intuitive
- Reintroducing IT ServiceHub: Your One-Stop IT Support Platform
- Supporting 間眅埶AV's Digital Transformation with Exchange Online
- Important changes to 間眅埶AV email practices
- Transforming the 間眅埶AV experience through digital improvements - Key Initiatives in Progress
- Jovanna Sauro wins 間眅埶AV Personal Achievement Award
- Improve your cellular coverage by enabling WiFi Calling
- New committee guides transformative changes at 間眅埶AV
- Expanded identity options for students within 間眅埶AV applications
- 間眅埶AV works toward keeping devices out of landfills
- A journey to improved WiFi
- Help us, help you, connect to better WiFi
- IT Services' new support system: ServiceHub
- Information Security Essential Courses
- IT Services leadership announcement
- University Wide Password Change Initiative
- April 2021 technical issue
- Telephone System Core Infrastructure Upgrade
- Decommissioning fraser.sfu.ca
- About
- Information security
University Wide Password Change Initiative
There has been an incremental rise in cybersecurity incidents globally, including a more than double increase in those aimed towards higher education institutions.
As part of 間眅埶AVs overarching IT security strategy and continued work to improve our systems, we will be conducting a university wide password change initiative as part of an annual implementation plan.
Changing your 間眅埶AV Computing ID password, along with other security initiatives such as Multi-Factor Identification (MFA), is another way we can enhance our ability to counter cyberattacks and better protect the 間眅埶AV community.
Beginning in mid-August 2021 and rolling out in phases, the 間眅埶AV community will start to receive a prompt to change their password. Please follow the instructions at that time. When it comes to security, you are the first line of defense. Thank you for doing your part
FAQs
Whats happening?
- There has been an incremental rise in cybersecurity incidents globally, including a more than double increase in those aimed towards higher education institutions.
- As part of 間眅埶AVs overarching IT security strategy and continued work to improve our systems, we will be conducting a university wide password change initiative as part of an annual implementation plan.
- Changing your password, along with other security initiatives such as Multi-Factor Identification (MFA), is another way we can enhance our ability to counter cyber attacks and better protect our 間眅埶AV community.
- Beginning in mid-August 2021 and rolling out in phases, you will start to receive a prompt to change your password. Please follow the instructions at that time.
Who is impacted?
This password change initiative will be conducted across the university and will impact all 間眅埶AV students, staff, faculty, alumni and retirees with an active 間眅埶AV computing ID.
When is this taking place? What are the timelines?
Beginning in mid-August 2021 and rolling out in phases, you will start to receive a prompt to change your password. Please follow the instructions at that time.
You will be asked to change your password every 12 months from the date of your last change.
How will this roll out?
- Password changes would be implemented in phased rollouts with approximately 2,500 間眅埶AV staff, faculty, students, alumni and retirees being asked to update their password at any one time.
- Those with the oldest passwords needing to be changed will be prompted to make the reset first.
- More information on domain wide password change work as part of initiatives to strengthen 間眅埶AVs IT security systems can be found at /information-systems.html
Why are we doing this? Why now?
- There has been an incremental rise in cybersecurity incidents globally, including a more than double increase in those aimed towards higher education institutions.
- We will be rolling out this university wide password change initiative as part of 間眅埶AVs overarching IT security strategy and continued work to improve our systems.
- Changing your password, along with other information security initiatives such as Multi-Factor Identification (MFA), is another way we can enhance our ability to counter cyber attacks and better protect 間眅埶AVs systems and data.
- The practice of regularly changing your 間眅埶AV computing ID password is a key action you can take to help support the safety of 間眅埶AVs systems and data. Thank you for doing your part.
- Also, unfortunately, MFA is not yet on every system.
- For instance, when you log into your desktop/laptop, it is only 間眅埶AV computing ID/password. The same goes for email as well - except via Outlook Online along with some other major applications.
- Our goal is to have all areas covered by MFA, however, this is likely 18 to 24 months out.
- Password changes will be an additional security measure we can take in the meantime.
Didnt we change our passwords at the last cyberattack notification in 2019 Have they been breached again?
- The practice of regularly changing your 間眅埶AV computing ID password is a key action you can take to help support the safety of 間眅埶AVs systems and data.
- Passwords have not been breached. We will be rolling out this university wide password change initiative as part of 間眅埶AVs overarching IT security strategy and continued work to improve our systems.
If someone has recently changed their password, do they have to change it again now and why?
- As the initiative will be rolling out in phases, we will not need everyone to change their passwords at the same time (well start with the oldest passwords, working our way to the newest). If your password was recently changed, you will be in a later group and can expect to be prompted to make a change to your password at a later time.
- The practice of regularly changing your 間眅埶AV computing ID password is a key action you can take to help support the safety of 間眅埶AVs systems and data.
Are passwords at risk because of the recent July 9, 2021, IT outage?
- No, passwords are not at risk due to the July 9, 2021, IT outage.
- We will be rolling out this university wide password change initiative as part of 間眅埶AVs overarching IT security strategy and continued work to improve our systems.
What will happen if an individual is away on extended leave? Will they be locked out?
If individuals are away for a known extended absence when their password reset occurs, when they come back, the IT Service Desk will be equipped to help recover passwords and assist them to make the change.
If I have challenges changing my password, will there be help available?
Yes, if you need assistance with your changing your password, please contact IT Services at its-help@sfu.ca or call 778-782-8888.
Why cant we just rely on MFA to protect user accounts instead of changing our passwords?
- While MFA helps to reduce the risk of malicious activity by requiring a separate method of verification, there are many services that cannot yet benefit from this type of security enhancement, like applications such as email, Remote Desktop Protocol (RDP) and WiFi.
- Strengthening our account management policies helps to reduce the risk to these non-MFA protected applications. However, for the time being, we still need password protection and the practice of regularly changing our passwords in order to enhance our ability to counter cyber attacks and better protect the 間眅埶AV community.
Why are we implementing a password change initiative when it is no longer considered best-practice?
- Changing passwords regularly and implementing a password expiry date helps to limit the use of compromised accounts by attackers for malicious activities. In an effort to provide better account management while adhering to the spirit of best practice guidance, a reset interval that is longer than 90 days but shorter then never is being put into practice. As 間眅埶AV staff, faculty and students often hold onto their computing ID accounts for life, regularly changing passwords can help mitigate risks for our 間眅埶AV community members.
Hasnt research shown that bad passwords can be cracked easily by attackers and so changing passwords is useless?
- The one thing we know about the threat landscape is that it is ever changing. During the pandemic, attacks have been increasing in volume and sophistication.
- As attacks and the sale of organizational data become increasingly more common, it is important to review our community accounts, such as our 間眅埶AV Computing IDs, and find ways we can protect better against attacks.
- The practice of regularly changing your 間眅埶AV computing ID password is a key action you can take to support the security of 間眅埶AVs systems and data.
- We also have a state of the art password system that helps users change their password securely and easily, providing as much protection as possible.
Who should I contact with questions or for more information?
- More information on domain wide password change work as part of initiatives to strengthen 間眅埶AVs IT systems can be found at /information-systems.html.
- If you need assistance or have questions about your password reset, please contact IT Services at its-help@sfu.ca or call 778-782-8888.