Before freshman Nikime Headley was hacked on Facebook, she rarely thought about changing passwords on her social media accounts.
“[My account] started sending spam messages to other people,” Headley said. “Now I change my password about every other month.”
Headley’s experience is not uncommon; a 2011 survey from the New York Daily News revealed about 600,000 Facebook accounts are hacked on a daily basis. Many Quinnipiac students, including sophomore Kelsey Pavao, have witnessed out-of-the-ordinary behavior from a Facebook friend.
“You see stuff like weird messages or weird pictures being posted,” Pavao said. “The picture thing has happened to me before, where my account posted one and tagged a bunch of people in it.”
Pavao said she deleted the picture but didn’t start changing her password more frequently.
This sort of behavior is problematic for Brian Kelly, the chief information security officer at Quinnipiac. Kelly has witnessed many security breaches on students’ emails and WebAdvisor accounts, but noticed a majority of students seem unconcerned with the issue.
“We try to reach out to students and say that their computers or accounts are at risk and students generally say [they] don’t care,” Kelly said. “I think [the issue of security] is a difficult one for a student audience; you’re young and you feel like you’re invincible, so you have a different perspective of privacy than older people do.”
A majority of the low-frequency security breaches at the university have been pranks, such as a student logging onto their roommate’s Facebook or Twitter account and posting joke statuses or messages or logging onto online gaming accounts and stealing a user’s currency in the game.
However, Kelly has experienced more severe cases of students hacking into someone else’s WebAdvisor account where someone registered and dropped all of a person’s newly-added classes.
To combat these issues, the university provides a variety of cyber-security resources for students on MyQ, including a free antivirus product for Macs and PCs and Information Security Awareness Training videos which are updated twice a year.
Since many students fail to receive adequate information on the topic throughout middle and high school, next year’s incoming freshman class will be required to watch the videos and complete a module similar to Alcohol.Edu for cyber security.
“When we ask a student when they learned about cyber security in grades K-12, a lot of times they’ll say that no one’s ever taught them anything,” he said. “There’s probably more focus on cyber-bullying in school now, but there’s still not a lot of emphasis on how to protect yourself.”
In addition to the topics of email and messaging, social networks and mobile device security, the three-to-six-minute videos also discuss password security.
Kelly knows the university’s practice of changing passwords every 180 days is frustrating for some students.
“People think it’s a pain,” Kelly said. “But a lot of times if passwords are compromised here, it can give hackers access to your financial information and potentially passwords to other online accounts. It’s important to keep your login information confidential.”
His opinion is shared by freshman Cameron Renslow.
“I feel like [changing my QU password] is sort of annoying, but it’s also a good thing,” Renslow said. “There’s a lot of stuff on there that I wouldn’t want people to have access to. I probably should change my other passwords more often. It’s actually really bad because I use the same password with variations for everything.”
While Kelly says updating passwords is a good practice for post-college employment because employers will ask you to change your passwords often, some students disagree with the university’s policy.
“I think it’s too much; I think we change them too often, and I run out of passwords to use,” sophomore Emily Katz said. “Our school emails aren’t really something that someone would want to break into.”
Katz said that she’d prefer to change her password once a year rather than every semester.
In honor of National Cyber Security Awareness Month this October, Kelly shared some tips for online safety.
“The biggest thing is just to be cautious,” he said. “Be careful of where you’re putting information. We always recommend that on social media accounts – whether it’s Facebook, Twitter, Instagram, etc. – make sure that your settings are such that your privacy is protected and you’re not giving away too much personal information.”
Katz agreed students should make the content on their social media sites private.
“People can go through all your photos on Facebook if it’s not private: they can save pictures of you and it’s creepy,” Katz said. ”Someone you don’t know can literally see everything you do, if you’re not careful.”