Select Page

Project Planning Team

Executive Sponsor: Anne Milkovich, CIO

Project Sponsor: Anne Milkovich, CIO

Project Manager: Mark Clements, Director of Information Services

Technical Lead: Richard Montano, IT Data Security Specialist

Project Advisor: Victor Alatorre, Director of Infrastructure

Technical Team Members: Dan Petersen, Christian Beck, Eamon Bauman, Michael Brunn, Michelle Loker, Ricky Johnson, Laura Knaapen

 Contact IT

  Hours: M-F 7:30AM - 4:30PM
  Phone: (920) 424-3020
  Email: helpdesk@uwosh.edu

Status: 11/13/17

  • Training materials are ready.
  • Open lab sessions to assist with password changes have been scheduled.

Authentication Security Policy

UW System has provided all UW campuses with five Administrative Policies and three Procedures on Information Security. These policies and procedures are mandatory for all UW campuses. The five policies and three procedures are listed on the IT Policies web page. This project deals with the policy on Authentication.

Authentication is the process by which computer systems verify the identity of a user. This is typically done by providing a username and password. The purpose of this policy is to “set the minimum standards for authentication and authentication management across the University of Wisconsin System.” The intent is to safeguard the access to information assets. The specifics of the policy rely on adherence to National Institute of Standards and Technology (NIST) authentication standards.

The policy covers three levels of data: low risk, moderate risk, and high risk. IT will approach this project in three phases. One for each level of data risk. Phase 1 of this project is to address the requirements for low risk data. The primary authentication account for UW Oshkosh is referred to as the NetID. These are the credentials used to access campus computers, campus wireless, digital learning environment, library resources, and most other enterprise level systems. The project does not include changes to authentication requirements for campus email (Google Apps).

While UW Oshkosh’s NetID meets many of the requirements for low risk data, there are two areas that will be addressed:

  1. Password length
  2. Periodic password reset

Current password length is a minimum of eight characters. The new standard will be twelve. The other complexity standards remain:

  • it cannot include your username
  • it cannot be the same as a password used previously by the user
  • must contain at lease three of the following
    • Uppercase letter
    • Lowercase letter
    • Number
    • Special character

UW Oshkosh has never forced periodic password changes for NetID. The new standard will be to do so every 180 days.

WARNING: You need to set your phone and other mobile devices to forget the Titan Wifi network BEFORE you change your NetID password in order to prevent it from attempting to authenticate with your old password. After you change your password you can add Titan Wifi back again.

Recent:

  • Training materials have been created.
  • Open lab sessions have been scheduled.

Next:

  • Campus announcement encouraging voluntary compliance.
  • Schedule set for those who haven’t used the voluntary opportunity.