UC Davis will start expiring 8-character passwords Nov. 15

Dates updated Oct. 29

Powerful computers are great. But hackers have them too.

So if you still use an 8-character password to protect your UC Davis computing account, you need to change it. Passwords that short are no longer sturdy enough to withstand high-powered attempts to bust them open.

Fortunately, the solution is simple--just upgrade your password to a passphrase. Proceed to the big blue arrow on the computing accounts page, follow the directions, and you're done.

Photo:  A  poster  in  the  MU  helps  spread  the  word  A poster in the MU helps spread the word

The upgrade is part of the campus's ongoing effort to improve privacy and computer security, but new federal minimum passphrase strength regulations also require the change. The passphrases can have anywhere from 12 to 48 characters.

More than half of faculty, students and staff have already upgraded, and compliance has been rising by about 2 percentage points per week since July 12.

Passphrases are flexible, and don't have to be exotic, complex or long. You can incorporate spaces, or use a string of dictionary words. A good passphrase can be easier for the user to remember--"I love the beach." meets the new standard--but the length deters hackers.

Accounts that have not been upgraded will be expired in phases from Nov. 15-23, 2010, and Jan. 24-Feb. 24, 2011. A calendar shows when different groups of accounts, arr anged by alphabet, will be expired.

People who have not upgraded will see expiration warnings each time they log in, beginning two weeks before their password expires. Warnings for the first group--people whose login IDs start with Y or Z--will start on Monday, Nov. 1.

The warnings will tell you how many days you have left, and will continue until you upgrade or until your password expires. If it expires before you upgrade, you will lose access to your campus computing accounts.

But you can avoid all that drama by upgrading to a passphrase now.

Other key points:

  • Account holders can upgrade at any time from home, work, or a campus computer lab by using the computing accounts site.
  • People who have not set security questions must do so when they upgrade to a passphrase. The questions and answers they choose will help confirm their identity if they forget or lose their passphrase and need to create a new one.
  • People who have set security questions should review and update those questions.
  • Freshmen and transfer students already have passphrases, because the new standards took effect before they created their accounts.

The campus has posted instructions for creating a passphrase, and you can test potential passphrases to see if they meet the standard at the computing accounts page.