Please Read and Be Aware of Recent Changes to YOUR MUNet Password Configuration
Information Technology has recently applied a configuration change to improve the security of your MUNet Account. This update changes the requirements for new and reset passwords. This change does not require any action from you at this time. Information Technology would like to remind you to change your passwords often, but no less than once per year.
This update makes the following changes to the previous ‘default domain password policy’:
- Increase the minimum password length from 6 to 8 characters;
- Enable password complexity, which requires passwords to meet the following criteria:
  - Passwords cannot contain your username or your entire display name (e.g. I cannot use the string ‘cutler1’ or ‘Jon Cutler’ within my password)
  - Passwords must contain characters from three (3) out of the four (4) following categories:
    – UPPER case letters for European languages (A-Z with diacritic marks, Greek or Cyrillic characters)
    – Lowercase letters for European languages (a-z with diacritic marks, Greek or Cyrillic characters)
    – One or more digits (0 thru 9)
    – Any Unicode character that is recognized as an alphabetic character but is not uppercase or lowercase. This includes any supported punctuation, symbols and special characters as well as Unicode characters from Asian languages.
- Enable account lockout after 10 failed authentication attempts.
  - Note: this lockout will ignore further login attempts for 10 minutes (lockout period), and the lockout timer will also reset automatically after 10 minutes. You do not have to call the IT Service Desk to manually reset locked-out accounts, as the lockout will reset automatically in 10 minutes.
- Enable password history – you cannot reuse any of your last 5 passwords.
- Enable password minimum age to 5 days – once you change your password, you will have to wait 5 days before you can change it again. However, should you forget your new password, a member of the IT Service Desk team can assist you with a password reset for your account upon request.
If you have recently changed your MUNet password, then in most cases, you should not see any impact to your account until the next time you need to change your password.
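The length, username and complexity rules above can be checked locally before a password is submitted. The following is an added example, not Information Technology's own code: the function names are hypothetical, the name check is assumed to be case-insensitive, and any character that is not an uppercase letter, lowercase letter or digit 0-9 is counted in the fourth category, following the wording above. Lockout, history and minimum age depend on account state held by the server and are not checked.

```python
MIN_LENGTH = 8            # minimum length stated in the announcement
REQUIRED_CATEGORIES = 3   # three of the four listed categories


def character_categories(password):
    """Return which of the four announced categories appear in the password."""
    found = set()
    for ch in password:
        if ch in "0123456789":
            found.add("digit")
        elif ch.isupper():        # A-Z, diacritics, Greek, Cyrillic uppercase
            found.add("upper")
        elif ch.islower():        # a-z, diacritics, Greek, Cyrillic lowercase
            found.add("lower")
        else:                     # assumption: everything else is category four
            found.add("other")
    return found


def check_password(password, username, display_name):
    """Return a list of rule violations; an empty list means all checks pass."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    folded = password.casefold()  # assumption: name matching ignores case
    for label, value in (("username", username), ("display name", display_name)):
        if value and value.casefold() in folded:
            problems.append("contains " + label)
    if len(character_categories(password)) < REQUIRED_CATEGORIES:
        problems.append("fewer than 3 character categories")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; the username and display name are the
    # ones used as the illustration in the announcement.
    samples = [
        "Summer24",
        "xCutler1!9",
        "jon cutler 2024!",
        "correct-horse-battery-staple",
        "Correct-horse-battery-staple",
    ]
    for candidate in samples:
        result = check_password(candidate, "cutler1", "Jon Cutler")
        print(candidate, "->", result or "OK")
```

Note that an all-lowercase passphrase joined with hyphens covers only two categories and is rejected, while capitalizing one letter is enough to satisfy the rule.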
Why Are We Making These Changes?
This past year, we’ve noticed a growing trend in brute force login attempts against accounts within the campus community. We are also receiving an increasing number of alerts for account compromises. These changes are being implemented to reduce several common risks to our MUNet account credentials including the risk of automated password guessing attacks and reuse of a password which may have been previously compromised.
When will these changes occur?
This new configuration was applied earlier in the month to Information Technology employees, to ensure we are having the same experience.
What about the rest of campus?
Our current plan is to gradually expand this configuration to ALL existing MUNet accounts. Once we demonstrate these changes do not create a significant disruption to accountholders or IT support staff, they will become the default settings for all current and future MUNet accounts.
Some tips to keep in mind:
1. If you have forgotten your password, you can reset it through the ‘Forgot Password’ link on the myMU single-sign-on gateway.
2. You may find that your MUNet password is stored on multiple devices. So if you change your MUNet password, be sure you remember to update your Polycom phone, mobile/wireless devices, etc.
3. When choosing a password, make sure your password is secure. A great way to select a secure password is to think of it as a ‘passphrase’, not just a ‘word’. A good passphrase increases security by increasing the entropy (the degree of randomness) of your password. This should make it easier for you to remember, and more difficult for a bad guy to guess. Note: See these tips for creating a good hacker-resistant password: https://www.marshall.edu/it/departments/information-security/hacker-resistant-passwords/
4. There is a minimum password length of 8 characters, but please do try to make it longer with a passphrase.
5. Self-service password changes are limited to once every 5 days and cannot reuse the previous 5 passwords. This discourages password reuse. Note: a password can be reset administratively as often as necessary, but this does not reset the password history or minimum age of 5 days.
6. Should your MUNet credential ever become compromised (e.g. your password was part of a non-Marshall account breach or if you were asked to change your password as part of a phishing attack) you must NEVER use that password again. The bad guys share these exposed credentials and others will keep trying to make use of them.
7. Use separate passwords for your Marshall and personal matters – never use the same password to secure sensitive and non-sensitive data. This way if a password used for personal use is compromised, it cannot also compromise Marshall systems.
As always, please be sure to report any unexpected issues to the IT Service Desk.