Helix Users—Account Security Requirements Have Been Modified
Owing to increased security concerns, the Helix Systems staff has instituted some changes—including account locking and password aging—that affect Helix user accounts. These are part of a more extensive plan to strengthen security. Account Locking It is well known that unused accounts pose a security risk. One of the best methods of detecting intrusions is your recognition of unusual activity in your own account (for example, a file you didn’t create or previous login information you don’t recognize). If you don’t login to your account for several months, then there is a window for illegal activity in your account. To prevent this, any user account that has not had any activity other than remote email for long periods of time will be temporarily "locked" until the account owner contacts CIT’s Technical Assistance and Support Center (TASC). Currently all accounts with no active use since mid-May have been "locked" from login access. Effective immediately, any account not accessed during the previous six months will be locked. To reestablish login access, you will need to contact TASC. Passwords Users who do not regularly change their passwords pose an increased security risk both to themselves and to the system as a whole. Passwords are vulnerable to many methods of unauthorized access. For example, • Have you logged into your Helix account from a remote site without a secure (encrypted) connection? • Have you shared your account with someone else? • Do you have an account on another system that has the same password? Passwords to Avoid The following types of passwords are no longer considered robust enough for current security standards:
To make certain that all passwords are "fresh," the Helix staff instituted "password aging" in May that required all users to choose a new password before logging in. In the future, you will be required to change your password every six months. Two weeks before the password is set to expire, you will be notified when you login.
2. substituting 1 for i, 0 for o, $ for s in common words (e.g., d1abetes).
Good Passwords
It is important to know ahead of time what constitutes a good password and to take the time to choose one carefully. On Helix, your password must
1. contain at least six characters
2. include two letters (a-z) and two special characters (e.g., punctuation, digits)
3. embed at least one of these special characters within the password rather than including it as the first or last character
4. differ from your old password by at least three characters.
Easy-to-remember passwords include a short phrase that is meaningful to you with embedded punctuation (e.g., "home-again"); or the first letters and punctuation of a common phrase—for example "
Ilw.IlF" (I love work. I love Fridays).