NetID - Why should I change my NetID password?
This document outlines why it is important to change your NetID password.
The reason your password change is important is that computer systems worldwide have come under increasing numbers of attacks by malicious individuals. Password cracking technology has become so sophisticated that many passwords that were considered adequate in the past can no longer withstand modern attacks. Why the increase in attacks? In many cases, they are searching for personal information that could be used for identity theft or to misuse services such as WiscMail or WiscVPN. Additionally, the attackers may be looking for restricted data such as social security numbers or sensitive data such as research. Or they may simply be interested in disrupting service or engaging in mischief. In any of those cases, repair of the damage caused and the effort to satisfy legal obligations in cases where private information is exposed can incur enormous cost.
Often, the way these malicious individuals get into a system is by determining someone's NetID and password - anyone's NetID will do. Once the individual gets into a system with that NetID and password, he or she can use a variety of techniques to obtain additional information that will give him or her additional privileges. The key is that it is not uncommon for an attacker to use the NetID and password of a person who may not even have direct access to confidential information. To date, dozens of universities have been named in news articles for the exposure of private information to individuals using techniques described above.
Many things have been done in our computing environment to protect against such attacks and, at this time, our largest risk is associated with passwords that can be uncovered. As more and more members in our community update their passwords to a value that is difficult to determine, our risk is significantly reduced. Even complex passwords can become vulnerable over time. You are encouraged to change your NetID password and reset your password recovery questions at least once a year.
It's easy to come up with a new, secure, password that is memorable. See Managing Password for overcoming this hurdle. Please don't let this be the reason for not complying with this University-wide effort.
Changing your NetID Password and Password Recovery Questions:NetID - Modifying your Account