Passphrase campaign ends successfully

The campus "upgrade to a passphrase" campaign ended well. When it finished in late February, nearly all active UC Davis computing accounts had switched to the sturdier passphrases from the old eight-character passwords.

The tougher standard satisfies federal electronic authentication requirements, and reduces the ability of hackers to break into UC Davis computing systems.

"We thank the campus for working with us to complete the transition," said Robert Ono, information technology security coordinator for UC Davis. "At times it was inconvenient, but the campus account authentication system is now significantly more secure and robust than it was."

As part of the program, the campus account system was moved from older hardware and software, no longer supported by the vendor, to a completely new computing environment.

The old password standard dated to the 1980s.

In early 2010, Information and Educational Technology launched the campaign to explain the need for the upgrade. It invited faculty, students, staff and affiliates with existing accounts to voluntarily switch to passphrases of at least 12 characters. Passphrases became standard for all new campus computing accounts.

Last November, IET--after alerting account owners--began expiring accounts that had not been upgraded. Accounts were expired in phases by alphabet, starting with "Z" and "Y" on Nov. 15 and ending with "A" on Feb. 24. Account owners regained access once they converted to a passphrase.

Records show that 56,559 accounts converted, achieving a compliance rate of 96.2 percent as of March 1. The unconverted accounts, many inactive, will remain unusable until the account holders upgrade to a passphrase.

Read more at the campaign website.