University staff members, including student staff who are eligible for benefits, will be asked to change any CNet passwords that are over a year old as part of the Information Technology Services (ITS) department’s campaign to bolster the security of University services. In an email to ITS staff members about the project, senior communications project manager Sandra Melnyczenko wrote that around 12,000 people fall into this category.

“We know password changes can be bothersome,” Melnyczenko wrote in the e-mail. “But old passwords and passwords that don’t meet complexity standards—or both—can make you susceptible to hacking attempts. And when you’re susceptible, so is the data you work with every day.”

If staff members do not adopt new passwords or passphrases (a new alternative to passwords) after multiple reminders, they will be shut out of their accounts until they do change them.

The only students included in the current phase of the campaign are students who receive benefits as staff members of the University. The campaign will later extend to faculty and the remaining students will eventually be asked to update their passwords. ITS staff members were asked to change their passwords in August.

The new passwords will have to be at least 12 characters long and include at least one number, one symbol, and both uppercase and lowercase letters. Passphrases, which may be used instead of passwords, are a series of words that, together, are at least 19 characters long. ITS staff anticipates that the passphrases will be easier to remember and to type in from a mobile device.