Project Planning Team
Executive Sponsor: Anne Milkovich, CIO
Project Sponsor: Anne Milkovich, CIO
Project Manager: Mark Clements, Director of Information Services
Technical Lead: Richard Montano, IT Data Security Specialist
Project Advisor: Victor Alatorre, Director of Infrastructure
Technical Team Members: Dan Petersen, Christian Beck, Eamon Bauman, Michael Brunn, Michelle Loker, Ricky Johnson, Laura Knaapen
- Over 8,000 students, staff, and/or faculty have changed their passwords.
- Notices have been sent to emeriti faculty and staff with password instructions.
- Employee account locks begin February 5.
Authentication Security Policy
UW System has provided all UW campuses with five Administrative Policies and three Procedures on Information Security. These policies and procedures are mandatory for all UW campuses. The five policies and three procedures are listed on the IT Policies web page. This project deals with the policy on Authentication.
Authentication is the process by which computer systems verify the identity of a user. This is typically done by providing a username and password. The purpose of this policy is to “set the minimum standards for authentication and authentication management across the University of Wisconsin System.” The intent is to safeguard the access to information assets. The specifics of the policy rely on adherence to National Institute of Standards and Technology (NIST) authentication standards.
The policy covers three levels of data: low risk, moderate risk, and high risk. IT will approach this project in three phases. One for each level of data risk. Phase 1 of this project is to address the requirements for low risk data. The primary authentication account for UW Oshkosh is referred to as the NetID. These are the credentials used to access campus computers, campus wireless, digital learning environment, library resources, and most other enterprise level systems. The project does not include changes to authentication requirements for campus email (Google Apps).
While UW Oshkosh’s NetID meets many of the requirements for low risk data, there are two areas that will be addressed:
- Password length
- Periodic password reset
Current password length is a minimum of eight characters. The new standard will be twelve. The other complexity standards remain:
- it cannot include your username
- it cannot be the same as a password used previously by the user
- must contain at lease three of the following
- Uppercase letter
- Lowercase letter
- Special character
UW Oshkosh has never forced periodic password changes for NetID. The new standard will be to do so every 180 days.
WARNING: You need to set your phone and other mobile devices to forget the Titan Wifi network BEFORE you change your NetID password in order to prevent it from attempting to authenticate with your old password. After you change your password you can add Titan Wifi back again.
- Emeriti faculty and staff have been notified of the password requirements.
- 8,002 accounts have changed their password so far.
- Notification will be going out to campus that the voluntary password reset period is ending.
- Employee accounts that haven’t changed their password will be locked beginning February 5.
- Student account locks will begin February 19.