IMPORTANT Heartbleed Update- All faculty, staff and students MUST change passwords by May 14th

As mentioned in last week’s email, Computing Services has now finished taking all actions to patch our systems due to the Heartbleed security vulnerability. Now that our systems are patched, ALL students and employees will be required to change their passwords. This is a direct result of the type of vulnerability that Heartbleed exposed. Your account cannot be considered fully secure until you have reset your password. Although there is no indication that our systems have been exploited, all passwords must be changed on our systems if there is even a chance they could have been compromised.


*****Employees and students have until May 14, 2014 to change their passwords. If the password for your account has not been changed by that date, your account will be locked out.

All users can change their passwords by visiting, clicking either Faculty/Staff (for employees) or One Stop (for students) and clicking the `Change your password’ button. As a reminder, we will NEVER ask you to share your username or password through email! ******


If you have any questions or concerns, or would like assistance in going through the password reset process, please contact the ASU Computing Services Helpdesk at 719-587-7741. You may also stop by the Helpdesk Monday through Friday 8:00 AM to 5:00 PM and we will have one of our technicians help you with the process.


***Password Guidelines***


When you change your password you will need to choose a new, unique, and strong password. Please see our helpful How-To on creating a strong password, including some dos and don’ts:


What NOT to do when choosing a Password:


-Do NOT choose a password based on personal data that is easily obtained, such as your name, username, address, your pet’s name, or your favorite sport.


-Do NOT use a password that is a word in the dictionary or as keyboard sequence, such as QWERTY or 12345.


-Do NOT choose a password that is a simple transformation of a word. For example, password123 is not a good password, since 123 is a common, simple transformation of a word.


-Do NOT use the same password for multiple systems. If you use a password for your ASU account you should not re-use that password on personal sites, such as banking or social media. Every site should use a unique password.


-We strongly recommend using a password manager. Details on the recommended password managers can be found in the password tips link above.


***Got questions? Come talk to CS staff at a technology update discussion session***


All students and employees are invited and encouraged to attend a briefing by the Computing Services staff next week that will provide further information regarding the Heartbleed vulnerability, and share secure password management practices. A follow-up email will be sent out shortly with the dates and location of these meetings.


***More information regarding Heartbleed***


What is heartbleed?


Heartbleed is a vulnerability in OpenSSL that lets an attacker read the memory of a web server, which could include information such as usernames, passwords, emails, and credit card information. Some ASU services use OpenSSL, which is why we are forcing a password change for all our users.


Should I change all my passwords?


If the website you use also used OpenSSL, then you should change your password. CNET has a list of the top 100 websites, including if they were vulnerable, if they have been patched, and if you need to change your password.


Thanks for your help in keeping ASU Computing resources secure!


Computing Services