MUSC Medical Links Charleston Links Archives Medical Educator Speakers Bureau Seminars and Events Research Studies Research Grants Catalyst PDF File Community Happenings Campus News

Return to Main Menu

Access to get easier by merging passwords

by George Spain
OCIO Technical Publisher
It's called NetID and it's the first step in a new Identity Management system that promises simpler access to secure systems on the MUSC network.
 
Merging two different login and password systems into a single Identity Management System will begin at the end of July, according to Mitchelle Morrison, project manager for the Office of the CIO's Identity and Access Management Services.
 
Access to most systems on campus is controlled either by an Active Directory (AD) account or by a MUSC Network Account (MNA)—together totaling about 18,000 users. These accounts consist of a login and a password. For example, the AD account is used to access LYNX workstations and Webapps. The MNA login is used for IMAP e-mail, Human Resources' MyRecords, Homeroom, Enrollment Management's WebAdvisor, PPP, VPN, SunOne Calendar, downloading software, FTP, maintaining wwwdev.musc.edu Web sites, and many other resources. These two accounts will merge into one account called NetID.
 
NetID is really the first phase in a series of projects that is expected, eventually, to lead to the ideal single sign-on, where a single login and password will access virtually all available systems in the MUSC network.
 
However, NetID won't immediately affect special systems such as Groupwise, OACIS, PACS, Keane, or SmartStream, which have unique requirements for passwords. These systems will still require separate passwords.
 
The new process will work like this:
 
All new employees and students will undergo registration either through the admission or new-hire Human Resources processes. Once registered, they will be issued a login and a temporary password which they will then use to access a Web site where they can select a password of their choosing (with certain restrictions). When selecting a password, they will answer three secret questions that will later be used to re-authenticate them and issue a new temporary password if they forget the original.
 
Secret questions consist of the usual “mother's middle name, favorite city,” etc. Users will answer three of these questions and will have to remember the answer to at least two of these questions to re-authenticate themselves.
 
For these new employees, logins will consist of the employee's initials, plus some digits as needed for uniqueness (e.g. “gss1”). However, these new logins will answer to an e-mail alias (e.g. spaing@musc.edu). The e-mail alias can be changed upon request.
 
As for passwords, Morrison says only good ones will pass muster.
 
“Passwords have to be between six and 10 characters long, and will have to meet three of four conditions: at least one number, at least one upper case character, at least one lower case character, and at least one special character. Passwords must also pass a dictionary check,” said Morrison.
 
So, “rover” won't do. To use this pet name, for example, it would have to be something like “R0^er9.” The second character here is a zero and the third is a carat (shifted 6), which represents an upside down V. This fictional password contains a special character, an upper case character, two lower case characters, and two digits. See https://www.musc.edu/infoservices/mna/goodpwd.html for further tips.
 
That's for the new people. So, what about current users?
 
Current AD and MNA users, are subject to the same rules with these exceptions:
  • If you already have a password that is good enough, you won't have to change it.
  • You won't have to switch your login name (to initials and numbers as above) unless you want to change your login for some personal or legal reason (i.e. marriage, divorce).
So, if you're a current user with an AD or MNA account, the changes will be minimal. However, to activate your new NetID account, you will be asked to enter your login and current password at a special registration Web page. If your password doesn't pass muster, you'll need to choose a new password that does.
   

Friday, June 23, 2006
Catalyst Online is published weekly, updated as needed and improved from time to time by the MUSC Office of Public Relations for the faculty, employees and students of the Medical University of South Carolina. Catalyst Online editor, Kim Draughn, can be reached at 792-4107 or by email, catalyst@musc.edu. Editorial copy can be submitted to Catalyst Online and to The Catalyst in print by fax, 792-6723, or by email to catalyst@musc.edu. To place an ad in The Catalyst hardcopy, call Island Publications at 849-1778, ext. 201.