The Contra Costa Community College District will soon enforce password changes on the InSite portal for all students and faculty.
During the month of October, starting with employees, and then students, members of the district will be required to update their current passwords, making sure that the updated password will also abide by the new district password guidelines. New password must be at least 14 characters in length, contain both an uppercase letter and a lowercase letter and also include a number in it.
The upcoming password revisions are the consequence of an alarming number of attacks on accounts. Across the district, InSite accounts have been getting hit by “spray attacks” in which perpetrators attempt to guess the passwords of an account using random passwords.
The district was able to identify the growing number of attacks on the accounts and even used a third party system that helped them discover “several hundreds” of accounts whose passwords were also found on the dark web.
The recent attacks have raised eyebrows for District Information Technology members as they work to secure and maintain the safety of students’ and employees’ accounts.
“All of these are an attempt to secure accounts,” said Satish Warrier, director of District Information Technology.
Warrier said that updating district passwords not only secures our systems, but also, student accounts, hence securing student academic information.
Following the future update, students will no longer have to change their password again unless it has been compromised, or they personally choose to revise their passwords.
Warrier insists that certain past measures to deal with passwords will still be in place as IT will continue to provide assistance for such tasks.
“We have a ‘forgot my password’ link on the login page that could be used to reset passwords,” says Warrier. “Students can also call our help desk and we can assist.”
District IT will continue to be available if you contact the help desk for issues relating to your account. To ensure account security the helpdesk staff may ask one or more identifying questions to establish that they are speaking to the correct account owner.
As for other changes upcoming this fall, District IT will be securing accounts with an out of country login alert.
“Later this fall we aim to set up a system where we will alert you via a text message when our systems detect a login to your account from outside the United States,” says Warrier.
As the password update deadline gets closer, district members will begin to receive daily emails reminding them to change their password. Deadlines will be assigned by last name, starting with A-G on Oct. 10, H-P on Oct. 18 and Q-Z on Oct 25.
