Login Credential security

IT Services have had a reminder from ja.net CSIRT regarding user credential sharing and the associated issues.

For both staff and students at the University of Reading, the sharing of your login credentials is in contradiction of University regulations, as it is in breach of the Acceptable Use Policy and is subject to disciplinary procedures.

The reminder from CSIRT was as follows:

Over the past few weeks we’ve come across a number of situations where
users have been sharing, or encouraging the sharing of eduroam
credentials between each other. For instance a user might want to
provide temporary access for a friend or a visiting lecturer from a
non-eduroam organisation might want immediate network access. It
should be clear to us as system managers that this is not safe behaviour.

This might be a good opportunity to remind your users that their
passwords are not simply something that provides network access but
are also a critical part of their online identity that like a driving
licence or passport should not be shared.

Lending your eduroam credentials to a friend would result in you being
held accountable for any misuse. It’s also worth remembering that
these credentials do not just provide access to a network, but will
often provide access to e-mail, file storage and VPNs that may contain
highly personal and sensitive information.

The reference to sensitive information is a critical point for staff to remember, as sharing your credentials puts your access to your own personal data at risk. For students, it may put IT items such as your email or your coursework at risk.  For all, it represents a massive personal and institutional risk to reputation. Imagine the consequences were your University email compromised, it could cause you considerable embarrassment and potentially the University too.

One of the key reasons for people sharing account details is the belief that obtaining a guest account for a visitor is too onerous. IT Services offer access to this facility via ITS Help, the Library IT Help Counter, Greenlands Campus Reception and through some local IT Supporters. There is also a bulk account creation facility, which helps with provision for conference attendees.

 

Tags: , , , ,