University Information Services recently increased security measures to everyone’s PUNet accounts. Now when someone logs on to their PUNet account, they will notice the addition of four security questions. Three are self-help questions that are asked when using the “I forgot my password” link and a fourth that is displayed at the help desk and used to verify the identity of those who call in for support.
When asked why UIS felt it was necessary to more security to the PUNet accounts, Chief Information officer of UIS Jim Fleming,“Before there was no way of validating who clicked on the link when someone forgot their password.” Fleming said, “UIS gets 30 to 50 phishing attempts a day.” He added that while the firewall catches most of them, he thinks it’s important to increase security as phishing attempts increase and become more sophisticated.
One difficulty UIS had when coming up with a way to implement new security to the PUNet accounts was that there are some limitations to what information they can ask for. “UIS cannot ask a person for their social security number or date of birth,” said Fleming.
Other recommendations that would increase one’s level of security when accessing personal accounts are to never share your password or use the same password for everything.