Q&A with Steven Lovaas, IT Security Manager

This policy began on April 1, 2013 so anyone who created a password before then will be required to upgrade their eID to follow the new requirements. Enforcement of the new policy began this month and will run into November to lessen the load on the help desk.

Why is it required for anyone with an eID to change their passwords?


Requiring this password reset is going to change passwords to longer, stronger passwords. General upgrade in strength of security. The old policy allowed for much shorter passwords that are now beginning to show up in lists of compromised passwords around the world.

Why do the passwords have to be 15 characters?

Strength of the password is a balancing act of several variables — length, complexity and the lifetime of the password. These variables play into how easy it is for someone to crack (the password). What we’ve done is balance these variables and by increasing the length we were able to back off on the complexity — so it no longer requires the uppercase, lowercase, numbers or special character requirements.

Do all students have to change their passwords?

This policy applies to everyone on campus, students, faculty, staff — anyone with an eID — to change their password. We are implementing a policy that everyone must change their passwords for once a year.

Collegian Senior Reporter Corrie Sahling can be reached at news@collegian.com.