Are Passwords a Thing of the Past?

There are plenty of reasons to hate passwords. A recent Ponemon Institute study provides some insights into why many people have developed what has become known as password fatigue:

  • Respondents reported having to spend an average of 12.6 minutes each week or 10.9 hours per year entering and/or resetting passwords. Most respondents also reported being unable to complete personal transactions because they had forgotten their passwords.
  • About two-thirds (69 percent) admitted to sharing passwords with coworkers to access accounts, and more than half (51 percent) said they reuse an average of five passwords across work and personal accounts.
  • Most respondents do not use a password manager and rely on human memory, spreadsheets, and sticky notes to manage passwords. Fewer than half (45 percent) use multifactor (or two-step) authentication in the workplace.1

It is increasingly clear that new security approaches are needed to help individuals manage and protect their passwords, and passwordless login technology could provide an option. A majority of IT security professionals and individual users believe that the use of biometrics or hardware tokens could offer better—and more user-friendly—security protections.

Several colleges and universities—including Duke2 and Stanford3—are working to develop and deploy passwordless solutions. In the meantime, multifactor authentication and good password practices can help as we move toward a passwordless future.

Tips on protecting your digital identity:

  • Use a fingerprint or biometric requirement to sign in when available. This provides an extra layer of protection for devices and apps.
  • Whenever possible, take advantage of whatever two-factor authentication (2FA) methods are available for your service. View a list of websites that support two-factor authentication (2FA).
  • Create a unique username and password or passphrase for each website or application.
  • Use a password manager to help avoid password reuse, and protect it with a long passphrase. Some password managers are free, but you can also check with your IT department to find out which tool it recommends.
  • Update to the latest security software, web browser, and operating system. Turn on automatic updates to help protect your personal information against new threats.
  • Stay protected when connecting to any public wireless hotspot. Use a virtual private network (VPN) client, which provides secure remote access to resources.

Campus Security Awareness Campaign 2020

This post is part of a larger campaign designed to support privacy, security, and IT professionals as they develop or enhance their security awareness plans. The campaign is brought to you by the Awareness and Training Community Group sponsored by the EDUCAUSE Higher Education Information Security Council (HEISC).


Zoom Meeting Security

With the increasing use of Zoom, you may have heard stories in the news about uninvited guests joining meetings and being disruptive. Zoom has several features designed to help prevent this activity.

The following options can be defined when you set up or edit an existing meeting.

  • Require Meeting Password—This setting allows you to set a password for your meeting. The most important thing you can do to help protect your meeting is to keep the meeting invite and password (if used) private. Share the meeting password privately with your participants. Don’t post it to social media or public websites where uninvited guests can find and misuse it.
  • Waiting Room—This option puts participants in a staging area, where they wait until the host invites them into the Zoom meeting. This gives the host more control over who is joining and the ability to keep out uninvited guests. This option works better for small meetings but can be customized to accommodate larger groups.
  • Authenticated Users—This option requires users to sign into Zoom to join your meeting. While this is more secure than a public meeting, it still has risks; uninvited users who are logged into Zoom can still join your meeting.

If you are using the Zoom desktop application, the waiting room and authenticated user options are located under Advanced Options.

For security reasons, the screen sharing ability on Michigan Tech’s Zoom account is set by default to host only. This can be changed for your meeting by selecting the arrow next to Screen Sharing at the bottom of the meeting window. You can change this for your events in your settings at the Michigan Tech Zoom Page.

Zoom addresses these concerns and features in a recent blog post: How To Keep Uninvited Guests Out of Your Zoom Event, including how to take advantage of these features and related articles.


Google Chrome PDF Policy Change

Michigan Tech IT is changing how Google Chrome handles PDF files on Windows PCs. 

The ability to view the file in Chrome is currently disabled, forcing you to download the file to your computer and open it in Adobe Acrobat. This accommodation was for Michigan Tech forms with auto-expanding text boxes that did not work correctly with Chrome’s built-in PDF viewer. Examples include the Staff Hiring or Yearly Performance Management worksheet.

If you tried to open the form in Chrome you would see the following message:

screenshot showing please wait that appears after downloading pdf with auto-expanding text boxes

This message was confusing and uninformative. It said you should install Acrobat Reader, even though you already had the full Acrobat Professional application installed. To avoid confusion, Michigan Tech IT disabled Chrome from viewing PDFs and forced downloading the file. 

The change produced widespread and unintended consequences. It changed the familiar viewing method on personal computers and broke the Google Sheet print function used by students. Furthermore, it caused problems with Concur.

For these reasons, we are reverting Chrome to its default behavior. 

After selecting a PDF link, Chrome will attempt to display it in the web browser. If the PDF file contains auto-expanding text boxes, the “Please wait…” message will display. Download these PDFs and open them in Acrobat. View the download icon below:

download button located on on the top right corner of the pdf

Michigan Tech departments that have PDF documents with auto-expanding text boxes should configure their website to force the download of the file rather than allowing the browser to decide how to handle the file.

If you have questions about this change or need advice on how to make PDFs linked on your website download directly, we can help. Contact us at it-help@mtu.edu or 906-487-1111.