Notice: Instructure Security Incident & Canvas Updates

Yale ITS is monitoring a reported cybersecurity incident affecting Instructure, the vendor behind Canvas. At this time, there is no known significant impact to Canvas services at Yale, and updates will be shared as more information becomes available.

Read More

Critical vulnerability in all versions of Linux.

Critical vulnerability in all versions of Linux. Please check with your vendor for updates and plan to apply patches as soon as possible. For more information, see: https://xint.io/blog/copy-fail-linux-distributions

Read More

YALE-MSS-9.2: Utilize secure passwords for authentication

Standards Group:
YALE-MSS-9: Authentication and Authorization

YALE-MSS-9.2: Utilize secure passwords for authentication

Low Risk Endpoint Required Moderate Risk Endpoint Required High Risk Endpoint Required Low Risk Server Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Not Required Moderate Risk Mobile Device Required High Risk Mobile Device Required Low Risk Network Printer Required Moderate Risk Network Printer Required High Risk Network Printer Required

Details

Passwords, a secret phrase or string of characters, are an important line of defense to protect accounts, data, and your identity.

This standard applies to all user accounts, administrative accounts, service accounts, and API keys.

For a strong password:

  • Create passwords that contain 15 or more characters
  • Use a passphrase, where possible. A passphrase is a string of words with spaces for example:
    • My motto is lux et veritas
    • I have the biggest dog on my street
  • Do not use the same password for different accounts

If a device forces the use of a PIN, the PIN must be at least four characters long and not use repetitive or sequential patterns (e.g., 1111, aaaa, or 1234).

For API keys, rotate the password every 90 days.

Additional information can be found at the link below.

https://cybersecurity.yale.edu/protect-your-identity

Controls