Blackboard OneStop Libraries BOL E-mail UCMail UCFileSpace

Enhancing Identity Management at UC

by Quinn Shamblin

UCit is pleased to announce that we are working on a series of projects to enhance identity management at UC. The first two projects — Password Self Service (PSS) and Directory Sync (DirSync) — will dramatically simplify the use of passwords at UC.
Under Password Self Service (PSS), a user first logging into the system will be prompted to change the password. The system will guide the user through a short series of steps to set up a security profile, and prompt for answers to several questions. A user who later forgets the password can reset it by providing the answers selected during the setup process. Users who need to reset their passwords will no longer have to wait on the phone for a Help Desk consultant to solve the problem. In addition to improving customer service to those who need passwords reset, PSS will clearly improve the wait for users who require Help Desk assistance with other matters.

To implement Directory Sync (DirSync), UCit technicians are configuring various directories in use at UC to synch with a single central source. When DirSync is complete, a user will be able to change his or her password in one location and have the password changed in every system he or she uses.

We expect these projects to have a measurable positive impact on users and various organizations that support them, such as the UCit Help Desk, and UCit teams that can phase out the disparate password management solutions required by our current architecture.

Once UC systems are set up so that people can administer their own passwords and have those passwords automatically updated in all the systems that they use, we can begin to require use of strong passwords. Presently, it is common practice for a person at UC to use a password that is either all numbers (0-9) or a word found in a standard English dictionary. Unfortunately, modern world hackers can crack such weak passwords in a matter of minutes, if not seconds. It is critical to the security of the information and systems at UC that such weak passwords be eliminated and replaced with something more complex and harder to crack. This does not mean the password has to be hard to remember. It simply needs to be hard to guess.

For information about how a password can be easy to remember, but hard to guess, please see How To... Choose a password on the Information Security web page.

For more details and information regarding the progress of the projects, please visit the project home page at http://www.uc.edu/infosec/Projects.htm.

previous article | next article

Return to the Summer 2007 index.

Print-Friendly version

Office of Information Technologies
University of Cincinnati
400 University Hall
University of Cincinnati
P.O. Box 210658
Cincinnati, OH 45221-0658
Phone: 513-556-HELP(4357); Fax 513-556-1006
E-mail: helpdesk@uc.edu
UCit Site Map