MIT Certificates Expire on July 31

If you haven’t done so already, be sure to renew your MIT personal web certificates and at the same time update your password (if the password is over a year old). Pick a strong password so that it’s less likely to be compromised.

Renewal of personal web certificates is not automatic, so plan to renew to ensure continued access to MIT’s secure applications, including Atlas, Benefits, SAPweb, WebSIS and software downloads.

This year, signing up for Duo Authentication (see above article) is added as an option, but next year when certificates expire it will be required, including for students.

Personal Certificates Renewal Time

Every year at MIT personal web certificates expire on July 31. Renewal is not automatic, so for continued access to MIT’s secure web applications, such as Atlas, WebSIS, COEUS Lite, and ePaystubs, be sure to renew your certificate.

When you obtain your personal certificate, if you haven’t changed your password for over a year, you will be prompted to do so as an additional security measure. You may want to review password strength requirements before choosing a new one.

Certificates obtained after June 30, 2014 are valid until July 31, 2015.

Who’s Still Vulnerable to Heartbleed?

Is the Internet safer since the discovery of Heartbleed? To an extent.

Many websites responded promptly to the bug by patching OpenSSL, replacing their SSL certificates and revoking the old certificates. However, 7% of these sites made a mistake: they reissued certificates without changing the encryption key that may have been leaked via Heartbleed.

It is critical to keep the private keys of certificates secret. If an attacker steals the private key, he can impersonate the secure website, decrypt sensitive information, or perform a man-in-the-middle attack. By reusing the same private key, a site that was affected by Heartbleed still faces exactly the same risks as those who have not yet replaced their SSL certificates.

So, it is STILL VERY IMPORTANT to check first before visiting sites to see if they remain affected by Heartbleed. You can check these sites by using several online tools, including:

Read the full story in the news.
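The reissue mistake described above can be checked by hashing the public key (the SubjectPublicKeyInfo field) of the old and new certificates instead of comparing whole-certificate fingerprints. The following is an added example, not part of the original article; the function names are illustrative and the sample certificates are constructed, unsigned DER structures with placeholder key bytes.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits give the length size
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def spki_sha256(cert_der):
    """SHA-256 of the SubjectPublicKeyInfo, i.e. a hash of the key, not the certificate."""
    _, pos, _ = read_tlv(cert_der, 0)      # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)    # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional [0] version field
        pos = end
    for _ in range(5):                     # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)    # subjectPublicKeyInfo, header included
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def key_was_reused(old_der, new_der):
    """True when the reissued certificate carries the same public key as the old one."""
    return spki_sha256(old_der) == spki_sha256(new_der)

def tlv(tag, body):
    """Minimal DER encoder, used only to build the constructed samples below."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def sample_cert(serial, key):
    """Constructed X.509-shaped structure (not signed, not a real certificate)."""
    name = tlv(0x30, b"")
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + alg + name + tlv(0x30, b"") + name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

OLD_KEY, NEW_KEY = b"\x11" * 140, b"\x22" * 140   # constructed placeholder key bytes
old_cert = sample_cert(1, OLD_KEY)
reissued_same_key = sample_cert(2, OLD_KEY)       # new serial, same key: still exposed
reissued_new_key = sample_cert(3, NEW_KEY)        # new serial, new key: properly rekeyed
```

For a real certificate in PEM form, `ssl.PEM_cert_to_DER_cert()` from the Python standard library produces the DER bytes these functions expect.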

MIT Web Certificates Renewal Period

As happens each year around this time, your MIT personal web certificate requires renewal. Certificates will expire on July 31, 2013. To ensure continued access to MIT’s secure web applications, such as Benefits, SAPweb, WebSIS, COEUS Lite, and ePaystubs, plan to renew in the coming weeks.

Certificates are a safe way for our web applications to identify you without you needing to type in a username and password. They must be installed on each browser for each computer that you use for accessing certificate-protected sites.

This KB article can help you install/renew your certificates or troubleshoot any problems you encounter. If you still need help, please contact the IS&T Help Desk.

Because certificates may give you access to sensitive information, it’s important to protect them with a strong Kerberos password. Please note that this year you may need to update your Kerberos password if you have not changed it in over a year. Additional information on the new password requirements is provided in the article below.

Kerberos Password Strengthening

As part of the broader effort to strengthen campus security, MIT has implemented some changes to certificate renewals and Kerberos passwords. This includes:

  • Stronger password requirements
  • Password expiration policies tied to certificate renewal

This year when you renew your web certificate, you may notice that you will be required to change your password if it is more than a year old.

This article by IS&T explains the changes and what this means for you and the MIT community.

We understand that it can be a challenge to choose a password you can remember and that is strong enough to meet the strength requirements. For more details on creating strong passwords and pass phrases, see this Strong Passwords article in the Knowledge Base.

Reminder to Change Your Kerberos Password

It’s that time of year to renew our MIT personal web certificates (which expire at the end of July) and at the same time to refresh our Kerberos password if it’s been over a year since it was last updated.

Why change your password? Password strength requirements change as password cracking methods become more technologically advanced. While a 6-character password used to be considered strong enough a few years ago, today the recommendation is 8 characters and longer. Complexity is also a factor: using 3 different types of characters (upper case and lower case letters plus special characters) is better than just using one or two different types.

Password complexity and length do add one large risk: being able to remember it becomes more difficult. Especially since we often have more than one password we need to remember, it’s becoming a challenge to keep track of them without the need to write them down.

I have found a great solution is a password vault that encrypts all my passwords, right on my computer. One master password is needed to gain access to them. LastPass is one such service which I have used for years now and can’t imagine living without. It is free and easy to use. Other options are KeePass and Password Safe (both free open source password managers). You can find others if you search your browser on the terms “password manager” or “password vault.”

Change your Kerberos password here.

New MIT Secure Wireless SSL Certificates May Prompt Users to Trust

Last Friday, May 4, IS&T installed new SSL/TLS certificates on the wireless RADIUS servers. MIT’s certificate provider has changed from Equifax to GeoTrust.

As a result of this change, users of the MIT SECURE and MIT SECURE N wireless networks may be prompted to trust the new certificates. Users concerned that they are being presented with an illegitimate certificate can compare its fingerprint with those of the legitimate certificates listed in the Knowledge Base.