The day before the start of the 2023 academic year at the University of Michigan, the school cut access to online services.
In what appeared to be a cyber-attack, the school cut internet connections to its campus and asked federal law enforcement to investigate the matter.
Students were told they could still access online platforms using cellular connections.
But they couldn’t use the school’s internet.
The school also sent an email urging everyone to reset their passwords.
“The University of Michigan is requiring all community members to change their UMICH password by the end of the day on Tuesday, September 12,” said the email.
Users were told that if they failed to reset their password, they wouldn’t be able to use any online services.
In addition, alumni, retirees, and other groups were required to change their passwords as well.
The University of Michigan has over 50,000 students and nearly 10,000 faculty.
And all of these people plus more were required to change their passwords.
That made things worse, because the school also had issues with the password reset process.
The account management portion of the online services was not functioning properly.
When the school was questioned about the issues, they said the ongoing investigation prevented them from sharing “anything that might compromise that important work.”
The fact is that 80% of cyberattacks are the result of passwords being compromised.
That is why some companies are considering using “never expire” passwords with no requirement to reset them every 90 days.
One of the reasons that companies are abandoning passwords that expire is that many people reuse weak passwords.
Oftentimes users will add a single number or letter to the existing password, making changing the password pointless in the first place.
Plus, it’s estimated that between 20% and 50% of IT requests are to reset a password.
If a company uses passwords that never expire, it would greatly reduce the time wasted by IT.
However, while “never expire” passwords may sound like a good thing, here are a few of the risks that can come with them.
Reused in other places:
Even if companies require strict guidelines for passwords that don’t expire, this won’t prevent the user from using the same password on another website.
In fact, over 60% of people admit to reusing passwords on multiple sites.
So, someone could create the best password in the world, but if they use it on every website, it could still be easily compromised on some other site.
Who would know it’s stolen:
Another concern with “never expire” passwords is that they could leave the door open for hackers.
For instance, on average, it takes an organization over 200 days to identify a security breach.
If a password that never changes is hacked, the bad guys could have access for a long time, since the password does not change.
A user required to change a password every 90 days, by contrast, would be alert to the threat and would theoretically kick out a hacker who doesn’t know the new password.
Stricter password requirements:
Most websites already have strict password requirements such as using numbers, letters, and symbols.
Yet, if the password never expires, the requirements are likely going to be even stricter.
And most likely, companies would require users to create strong passphrases.
Using passphrases is a great way to make it harder for hackers to guess passwords.
Yet, the stricter an organization makes password requirements, the more likely users will get frustrated.
What I mean is that if a company makes password requirements that are annoying to the average user, the user may get agitated and go somewhere else.
Right now, “never expire” passwords don’t sound like the best idea.
Instead, regularly change your passwords, build them from numbers, letters, symbols, and passphrases, and avoid reusing a password from another website.
But this is just the tip of the iceberg when it comes to securing your private information online.
You also need a robust plan that addresses all the potential vulnerabilities and shields you and your family from being victimized by hackers or thieves.