We experienced a number of issues yesterday morning with students being unexpectedly forced to change their passwords; we avoid this type of unanticipated password change requirement due to its clear, negative impacts on instruction. We believe that we have resolved this problem as of 10 AM yesterday morning, and have begun reviewing our policies to ensure that this does not occur again.
On a related note, we’ll be beginning work next week to update our password policy to ensure that we’re safeguarding our students and staff while making sure that accounts are accessible and easy to use. This work will be driven by newly released standards from the federal government’s National Institute of Standards and Technology (NIST); you can read the full Digital Identity Guidelines here. For a nutshell version of some of the changes between the newly-released guidelines and previous recommendations, check out this article.
I’ll be posting more information as we move ahead with the process of updating our policy.
Yesterday, Google Drive was subject to a phishing attack that sent fake messages with a Google Doc link, with a subject line telling you that a file had been shared with you. This was a worldwide event (not just ICCSD), and you can read about this issue here, here, and here.
What should you do?
While there is no evidence that this scheme allowed attackers to steal passwords, we are recommending that if you clicked the shared doc link in one of these spam emails, you change your password as a precautionary measure. Since our ICCSD Google passwords are synchronized with our network passwords, you’ll need to change your network password. You can do this by pressing Control-Alt-Delete at the same time, and clicking “Change a Password”. You’ll need to enter your old (current) password, and then enter your new password two times. Within a few hours (at the most), your new network password will be synchronized to Google, and will become your Google password as well. Continue reading Alert: Google Fake Share Update