Information Security Projects

UCit/InfoSec Projects - Identity Management (IDM)

UCit is working on a series of projects to enhance identity management at UC. These projects will bring strong wins for those who use IT systems at UC — and those who support those systems.

Please explore the links below for a summary of each of these projects.

• What is happening next? When? What does it mean to me?
• Systems connected to the central directory (ID Vault)

• Password Self Service (PSS)
• Directory Sync (DirSync)
• Strong Password Requirements
• More

What is happening next? When? What does it mean to me?

The University of Cincinnati is constantly working to improve the online campus experience for everyone at UC.  Currently we are working on several projects to improve identity management.  Next up:

/-- Draft --/ UC to Embrace Strong Passwords - Coming mid-summer 2008
 
There is currently a significant weakness in UC’s information security infrastructure, many systems at UC will accept nearly any user-created password. UCit is correcting this through the initiation of a requirement to only accept strong passwords. A strong password is not listed in the dictionary, uses more than the standard lowercase alphabet, and is at least eight characters long. A recent audit of passwords in use at UC indicated that commonly used passwords were a standard English word of only four or five characters. Someone using freely available password crossing software can break such passwords in less than a minute.
 
This summer, UCit will align with international best practices by requiring any password created or changed on central systems to meet minimum complexity requirements.

The following is information that will be sent to the entire user community as we get closer to implementation:

Each password must meet the following requirements:
·        contain at least one lowercase letter
·        contain at least one uppercase letter
·        contain at least one number
·        be a minimum length of eight characters

We recommend that you also include a symbol (@!#$%^&|;:, … etc.) in your password, but this is optional.

The password you are using at the time of the change will continue to work until the next time you are prompted to change your password.  At that time, the system will require that you choose a strong password.

This change will affect all Central Login systems such as One Stop, UC Flex, Exchange e-mail and all other currently connected systems.

Here you can find tips on selecting a strong, easy to remember password

We recommend that you administer your password through the new Password Self-Service (PSS) tool at https://www.uc.edu/PSS

Password Self Service (PSS) - Delivered February 12, 2008

The Password Self-Service tool (found here https://www.uc.edu/PSS) allows users to change or reset their passwords themselves.

When a user first logs into the system, he or she will be prompted to change the setup password. The system will guide the user through a short series of steps to set up a security profile and to provide the answers to several questions. The setup process will take only a few minutes. If the user later forgets the password, he or she can reset it by providing the answers selected during the setup process. 

Users who need to reset their passwords no longer have to call a Help Desk consultant. In addition to improving customer service to those who need passwords reset, PSS has improved service for users who require Help Desk assistance with other matters but cutting hold times.

Note: Changing your password in any connected application will change it all other connected applications.
Click here for a complete list of all applications connected to the central system

For more details, or for help with PSS, please the PSS help page or call the UCit Helpdesk at 513 556-HELP

Directory Sync (DirSync) - Ongoing

The Directory Sync project is an ongoing effort to synchronize user information in many different systems. This allows databases and directories of user information to be updated in real time when a change is made. If a user updates their current phone number or local mailing address, or if that person changes their password, that change is automatically updated in all connected systems (full list below)

Systems connected to the central directory (ID Vault)

Strong Passwords Required - Coming mid-summer 2008

There is currently a significant weakness in UC’s information security infrastructure, many systems at UC will accept nearly any user-created password. UCit is correcting this through the initiation of a requirement to only accept strong passwords. A strong password is not listed in the dictionary, uses more than the standard lowercase alphabet, and is at least eight characters long. A recent audit of passwords in use at UC indicated that commonly used passwords were a standard English word of only four or five characters. Someone using freely available password crossing software can break such passwords in less than a minute.
 
This summer, UCit will align with international best practices by requiring any password created or changed on central systems to meet minimum complexity requirements.

Each password must meet the following requirements:
·        contain at least one lowercase letter
·        contain at least one uppercase letter
·        contain at least one number
·        be a minimum length of eight characters

We recommend that you also include a symbol (@!#$%^&|;:, … etc.) in your password, but this is optional.

This change will affect all Central Login systems such as One Stop, UC Flex, Exchange e-mail and all other currently connected systems.

Here you can find tips on selecting a strong, easy to remember password

Future phases of the IDM project

• The email team is working to enhance the student email system over the summer.  Part of those enhancements will be to connect the student email system to IDM so the password for email will be the same as for One Stop and all other connected applications
• Blackboard is planning to join IDM mid-summer this year.
• IDM team members and personnel from the Remote Access team are working to bring the remote access technologies into the Identity Management infrastructure.  These include VPN, Radius, Dial-up, WEP, WPA2, Secure Connect and Clean Access.  Initial testing has begun and a timeline for delivery is being finalized.
• IDM Connectors will soon be offered to individual UC colleges to allow the college to keep their local student directories in sync with the central system. This will allow colleges to sync the passwords for their local applications with the passwords used in other central systems like One Stop and eventually Student Email and Blackboard, as well as reducing the administrative overhead currently spent by the colleges to maintain student data on their local systems. UCit is currently developing an SLA for this service.
  

As the project progresses, UCit will initiate more efforts in the overall IDM project.
This site will be kept up to date with information you need to know, so please check back.