TechTalk: Keep your PINs and passwords safe (03-18-94)

UpDate - Vol. 13, No. 24, Page 7
March 18, 1994
TechTalk
Keep your PINs and passwords safe

     Would you leave your car unlocked at the Vet while you attend a
Phillies doubleheader? Do you leave your office door open and your desk
unlocked at night when you go home? Most people would answer both questions
with a resounding, "Of course not!"
     But, are you using common sense about protecting other important
possessions: Your UD Personal Identification Number (PIN) and computer
password?
     A University student was recently accused of posting an unethical and
potentially illegal message to about 40 world-wide bulletin boards.
     "We learned that this student did not make the posting," explained
Susan Allmendinger of Computing and Network Services' Systems Security and
Access. "Someone had 'borrowed' his account to play a practical joke on
him, a very serious one."
     Further investigation found that the student had not taken good care
of his password. "He wrote his password and his account number on the back
of his ID card," Allmendinger said. "He thought this would be an easy way
to remember his password, until one of his 'friends' took advantage of his
unfortunate lapse in judgment."
     Allmendinger indicated that students, faculty and staff all must
exercise good judgement about their passwords and PINs. "Faculty and staff
make a commitment to do this when they sign the forms used to initiate
computer accounts," she said.
     Another person had his computer account suspended because he "loaned"
his account and password to someone else. The "borrower" then crashed the
computer. Allmendinger said, "You are accountable for the use of your
account on all the University's systems: computers, v-mail and other
systems. It is a violation of University policy to share your computer
account, your private v-mail box or your University ID card. It is also a
violation to try to obtain access to someone else's computer account,
dining service points, UD1 Flex card account, registration information or
other private information."
     From time to time, some systems have been subject to break-in
attempts, often someone trying to steal or guess passwords. By choosing a
good password or PIN, a responsible technology user protects himself or
herself from such attacks.
     As more and more accounts and information become available over the
campus network, it is even more imperative that all students, faculty and
staff follow good password and PIN procedures. "The University's
information systems can be secure, reliable places to work only when our
users are careful with their passwords and PINs," Allmendinger said.
                                                  -Richard Gordon