Campus ID News
Card, mobile credential, payment and security
FEATURED
PARTNERS
password 1

Indiana University combatting fraud with robust password policy

Andrew Hudson   ||   Oct 12, 2018  ||   

It's a potentially damaging practice, particularly for universities, with many student and faculty users and valuable assets all protected by passwords.

With this in mind, researchers at Indiana University have examined the practice of password reuse and posited ways to mitigate the risks associated with this insecure practice.

According to research conducted at the university, longer minimum passwords are the most effective way to reduce potential exposure in a third-party data breach, as well as prevent password reuse. The work being conducted by the group of researchers points to a simple way to foil criminals intent on breaking into university data.

Requiring longer and more complicated passwords resulted in a lower likelihood of password reuse, according to research findings from "Factors Influencing Password Reuse: A Case Study." The authors of the paper are Jacob Abbott, an IU Bloomington Ph.D. student; Daniel Calarco, chief of staff for the IU Office of the Vice President for IT and CIO; and L. Jean Camp, professor in the IU Bloomington School of Informatics, Computing and Engineering.

To investigate the impact of policy on password reuse, the study analyzed password policies from 22 different U.S. universities, including IU. The research then extracted sets of emails and passwords from two large data sets that were published online and contained over 1.3 billion email addresses and password combinations. Based on email addresses belonging to university domains, passwords were compiled and compared against a university's official password policy.

The findings were clear: Stringent password rules significantly lower a university's risk of personal data breaches. Some highlights from the report:

  • Passphrase requirements: a 15-character minimum length deterred the vast majority of IU users (99.98%) from reusing passwords or passphrases on other sites.
  • Universities with fewer password requirements had reuse rates potentially as high as 40%.
  • Analysis found that IU performed the best of the 22 examined universities -- and had the most extensive password requirements.

"IU has worked with security and usability faculty to design our password policies, with the result being policies that value people's time while mitigating risk," says L. Jean Camp, professor in the IU Bloomington School of Informatics, Computing and Engineering. "The length and complexity are balanced by the extended period before new passwords must be generated and the use of a longer authentication time window for applications. Indiana University's rollout of two-factor authentication is similarly a model."

In addition to its findings, the researchers offer some recommendations to safeguard university personnel and the general public:

  • Increase the minimum password length beyond 8 characters.
  • Increase maximum password length.
  • Disallow the user's name or username inside passwords.
  • Contemplate multi-factor authentication.
  • Multi-factor authentication is becoming more common and usable. IU, for example, employs Two-Step Login. Multi-factor authentication may be a viable alternative to changing the length and complexity of password policies.

Related Posts

Subscribe to our weekly newsletter

RECENT ARTICLES

High school bathroom

Bathroom breaks tracked by campus ID and mobile app

At California’s Fresno High, a new app is authorizing and monitoring trips to the bathroom in an effort to increase students’ time in class and decrease gathering in halls and bathrooms. Of course, this has not gone over well with students. Raising your hand and asking the teacher if you can go to the bathroom […]
Atrium Ozzi container

Atrium clients track check-out and return of reusable containers at OZZI kiosks

The push to reduce or even eliminate single-use containers from campus dining is now easier for Atrium clients. Thanks to a seamless integration between Atrium and the OZZI reusable container program, the processes for both students and dining services is streamlined. Atrium clients have been using OZZI for years, but the two systems were independent. […]
HID report snapshot

Security industry’s top trends include mobile IDs, MFA and sustainability

The 2024 State of the Security Industry Report from HID Global studies trends and changes in the security industry. This year six major themes emerged surrounding mobile identity, multi-factor authentication, biometrics, AI, and sustainability. The research includes data from more than 2,500 individuals – partners, end users, and security/IT personnel – from around the globe. Respondents […]
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.
Twitter

Feb. 1 webinar explores how mobile ordering enhanced campus life, increased sales at UVA and Central Washington @Grubhub @CBORD

Join Jeff Koziol and Robert Gaulden from @AllegionUS as we explore how mobile credentials and proptech are changing on- and off-campus housing.

Load More...
Contact
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301
www.AVISIAN.com[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2024 CampusIDNews. All rights reserved.