Campus ID News
Card, mobile credential, payment and security
password 1

Indiana University combatting fraud with robust password policy

Andrew Hudson   ||   Oct 12, 2018  ||   

It's a potentially damaging practice, particularly for universities, with many student and faculty users and valuable assets all protected by passwords.

With this in mind, researchers at Indiana University have examined the practice of password reuse and posited ways to mitigate the risks associated with this insecure practice.

According to research conducted at the university, longer minimum passwords are the most effective way to reduce potential exposure in a third-party data breach, as well as prevent password reuse. The work being conducted by the group of researchers points to a simple way to foil criminals intent on breaking into university data.

Requiring longer and more complicated passwords resulted in a lower likelihood of password reuse, according to research findings from "Factors Influencing Password Reuse: A Case Study." The authors of the paper are Jacob Abbott, an IU Bloomington Ph.D. student; Daniel Calarco, chief of staff for the IU Office of the Vice President for IT and CIO; and L. Jean Camp, professor in the IU Bloomington School of Informatics, Computing and Engineering.

To investigate the impact of policy on password reuse, the study analyzed password policies from 22 different U.S. universities, including IU. The research then extracted sets of emails and passwords from two large data sets that were published online and contained over 1.3 billion email addresses and password combinations. Based on email addresses belonging to university domains, passwords were compiled and compared against a university's official password policy.

The findings were clear: Stringent password rules significantly lower a university's risk of personal data breaches. Some highlights from the report:

  • Passphrase requirements: a 15-character minimum length deterred the vast majority of IU users (99.98%) from reusing passwords or passphrases on other sites.
  • Universities with fewer password requirements had reuse rates potentially as high as 40%.
  • Analysis found that IU performed the best of the 22 examined universities -- and had the most extensive password requirements.

"IU has worked with security and usability faculty to design our password policies, with the result being policies that value people's time while mitigating risk," says L. Jean Camp, professor in the IU Bloomington School of Informatics, Computing and Engineering. "The length and complexity are balanced by the extended period before new passwords must be generated and the use of a longer authentication time window for applications. Indiana University's rollout of two-factor authentication is similarly a model."

In addition to its findings, the researchers offer some recommendations to safeguard university personnel and the general public:

  • Increase the minimum password length beyond 8 characters.
  • Increase maximum password length.
  • Disallow the user's name or username inside passwords.
  • Contemplate multi-factor authentication.
  • Multi-factor authentication is becoming more common and usable. IU, for example, employs Two-Step Login. Multi-factor authentication may be a viable alternative to changing the length and complexity of password policies.
Subscribe to our weekly newsletter


Feb 07, 23 / ,

Drake University maximizing off-campus program with Grubhub

Drake University’s fledgling off-campus program started in October of 2020, and it quickly became evident that mobile ordering would be a valuable addition. Grubhub joined the Drake CampusCash program just one short year later in October of 2021, and the partnership has provided Drake students with a wider variety of off-campus dining options than ever before.
Feb 03, 23 /

Brown campus mailroom adds visual queue

Brown University has added a new visual queue in its campus mailroom that displays the order in which students will be called to pick up their packages. The system is underpinned by the student ID card and a kiosk system in the mailroom.
Feb 02, 23 / ,

East Carolina adds robot delivery with Grubhub, Starship

East Carolina University has joined the growing list of institutions to deploy robot delivery, partnering with Grubhub and Starship Technologies to provide the service. All students, faculty and staff at East Carolina University are able to leverage robot delivery from main campus dining locations.
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.

Join us, @NACCUorg, and @TouchNet to explore how campus card programs can successfully navigate the sales and procurement process. Join the webinar on June 6, 2 pm EDT.

Webinar: Learn how the University of Arizona uses campus cards, mobile ordering, kiosks, lockers, and robots to revolutionize campus dining. April 7, 2-2:30 EDT. Register Now at

As supply chain issues in 2021 persist, identity solutions provider @ColorID discusses ways campuses can to overcome potentially troublesome delays until the situation eases.

A dining services push at the @UBuffalo is reinforcing the utility of self-service checkout. @CBORD is improving the food service experience using the GET app, as well as Nextep kiosks and Oracle’s Micros Simphony POS.

Did you miss our recent webinar? No worries - watch it on-demand. Leaders from @NAU and the @UAlberta joined Ryan Audus, Touchnet, and Andrew Hudson, @CR80News, to discuss innovative mobile services and the future of mobile tech in higher ed. Watch now:

Load More...
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2023 CampusIDNews. All rights reserved.