Why do I have to change my UWin Account password every 120 days (once a semester)?

Your UWin Account gives you instant access to a lot of sensitive and important data, so keeping this data protected at all times is a major priority and responsibility of all users of University systems and online resources. The one thing that can greatly protect this data and reduce the possibility of security and privacy breaches is for users to periodically change their UWin Account password.

In the IT world, there is always a tug of war between the security of data and user convenience. Because more security usually means greater inconvenience to users, it is reasonable to question the merits of regular password changes. To add to the confusion, there was recently some controversy in the news questioning the well-established cyber-security best practices that have been in place for decades. However, the practice of changing passwords regularly continues to be a common security measure and was recommended by KPMG – the auditors of our new UWinsite Finance system, as well as Deloitte – the University partner that was chosen to implement the new ERP system.

Cyber-security risks have increased and hacking technologies have improved a lot in the past ten years. So, using the same passwords for several years absolutely puts your UWin Account security at risk. Changing your password avoids a number of dangers, including some that are less obvious, such as what happens to the passwords you have saved on computers you no longer own. It eliminates the possibility that someone may be in possession of your credentials and will one day use them for something nefarious or trade them on the Darknet to people who will exploit them. Not all hackers take what they need and leave immediately after breaching your account. Occasionally, hackers may continue accessing your account, either to monitor your data or to continue stealing information over time. It can be difficult to figure out if someone else is using your account, so by changing your password consistently, you greatly reduce the risk that other people will have at-will access to your account.

Keeping this in mind, the University has recently developed the Digital Password Management Policy that goes into effect in February 2018 and coincides with the launch of the new UWinsite Finance ERP system. On the first access of the UWinsite Finance system, any user who has not changed their UWin Account password in the last four months (120 days) will be required to change it before being allowed to sign in. To find out when you last changed your password, go to the My UWin Account page.

I.T. Services recommends that you also consider changing your other passwords every few months to be on the safe side. Since changing your password regularly increases the likelihood that you may forget it one day, I.T. Services strongly recommends that you configure your Security Questions, if you have not done this already. This will allow you to reset your forgotten password anytime using our online self-service option. For more information or to request assistance, please visit the UWin Self-Service Portal at uwindsor.ca/help.