Please change your passwords
Dear University Faculty and Staff,
In today's interconnected world, it has become increasingly critical to prioritize strong and unique passwords for the various vendor accounts we utilize. We often find ourselves using vendor-specific platforms and services that require login credentials. While it may be convenient to reuse the same password across multiple accounts, this practice poses significant security risks.
By using the same password for multiple vendors, we create a single point of failure. If one vendor's security is compromised, the attackers could potentially gain access to all other accounts using the same credentials. This could lead to unauthorized access, data breaches, and compromised systems. Therefore, it is essential to employ unique passwords for each vendor login.
On Thursday May 11th Regis was impacted by such a scenario. An online platform called SchoolDude, used nationally by educational institutions including Regis Physical Plant for placing and tracking maintenance work orders was compromised. This resulted in the loss of an unknown number of username/email addresses and their corresponding passwords.
Because there is a high propensity of password reuse with vendor credentials, Information Technology Services is asking all Faculty and Staff to change their Regis password as soon as possible.
To reset your password please go to: https://passwordreset.microsoftonline.com/. View instructions.
To help you construct strong and unique passwords, here are some best practices to consider:
- Complexity: Use a combination of uppercase and lowercase letters, numbers, and special characters to create complex passwords that are difficult to guess.
- Length: Aim for passwords that are at least 10 characters long. Longer passwords are generally more secure.
- Avoid Personal Information: Do not include personal information such as names, birthdates, or addresses in your passwords. Hackers can easily obtain this information through social engineering or public records.
- Avoid Dictionary Words: Avoid using common dictionary words or easily guessable combinations. Instead, consider using passphrases or random combinations of words.
- Password Managers: Consider using a password manager tool that securely stores your passwords and generates unique and strong passwords for each vendor login.
- Browsers such as Edge, Chrome, Safari, and Firefox are not password managers and although they may offer to save your password for you this is not safe to do.
We would also like to inform you that our institution is currently in discussions regarding the implementation of a password change policy. This policy will aim to enhance the overall security of our systems and accounts by ensuring regular password updates. We understand that password changes can sometimes be inconvenient, but they are an essential measure to protect our valuable resources and data.
We appreciate your cooperation and adherence to good password practices. Protecting the confidentiality, integrity, and availability of our systems and information is a shared responsibility. Together, we can significantly mitigate the risk of unauthorized access and protect the university's assets.
If you have any questions, concerns, or suggestions regarding password security or the upcoming password change policy, please do not hesitate to reach out to the ITS Help Center (303) 458-4050. We value your feedback and input as we work towards a more secure digital environment.
Thank you for your attention and commitment to safeguarding our university's digital assets.
Sincerely,
Chuck Steigerwalt
Regis University | Director Information Security/ Information Security Officer