Report : CC password change request

Recently, a mail was circulated among all the residents requesting them to change their CC passwords urgently. When contacted, Prof. Y N Singh, Head, CC, asked us to get in touch with Prof. Sandeep Shukla of the CSE department for details.

Prof. Shukla informed us that this was a regular security measure since the passwords of systems like the one used in the CC are generally changed twice a year. IITK does not have an automated system that forces the user to change passwords at set durations.

Prof. Shukla explained, “As a cyber security researcher I advised the CC that the passwords must be changed every six months as long standing passwords often lead to compromised accounts. For example, if a key logger is installed on some public terminal and someone connects to their webmail on that computer, the password is compromised. A stolen password can allow a criminal to get into the CC system, and then try various compromising acts.”

In most institutes it is mandatory to change the passwords at least twice a year. The system itself prompts users as soon as the six month period ends, and does not allow the user to login until he/she changes his/her password.

He also mentioned that the CC may implement such a system in next few months and users will have to change their password at least twice a year which would have to be distinct from the last three passwords. Since such an automated system is not in place, requests are sent to change the password by mail.

Written by Aditya Sharma