September 1, 2014 Student Password Change Email

This email is directed towards those who have not changed their Mines passwords since early April this year when a widespread security breach occurred (the Heartbleed security vulnerability resulted in worldwide password compromises.) Recent malevolent activity on campus suggests that it is critical that everyone change their passwords as soon as possible.

To protect the institution, we must require all who cannot recall changing their passwords after April 8th, 2014, to change them immediately. If you are not sure exactly when you last changed them, you should change them now.

Beginning on Monday, September 15th, 2014, we will begin manually locking-out any remaining accounts that have not had their passwords updated since April 8th, 2014. At that time, the only ways of restoring access is either using your EKey through http://newuser.mines.edu/ekey_password/, or by working directly with CCIT for resolution.

On Monday, September 8th, 2014 (a week ahead of the above deadline date), the automatic Windows account locking mechanism, which has been temporarily disabled, is going to be re-activated. This may, in a few cases, cause lock-out issues. Your account could be locked out if any of your devices, e.g. computer, laptop, tablet or smartphone, still have your “old” (now expired) password and attempt to authenticate. This puts your account into an automatically-locked state until we can identify the cause.

Therefore, for minimal disruption, we strongly recommend that you update your Mines’ passwords before Monday, September 8th, 2014.

Five passwords must be changed. These are
– ADIT
– Multipass
– Trailhead
– Blackboard
– MyMail

In most cases the first 3 can be changed simultaneously to the same password string – see the instructions following this message for important information on how to change these passwords. Blackboard and MyMail must be changed separately and must be set to a different string.

Please note that we have seen a significant increase in the number of email “phishing” scams targeted at our staff and students. It is critical that everyone remember that Mines will never ask you for your password via email. You should verify any email involving passwords or other sensitive information (including this one) by checking the Security section of the CCIT webpage. If there are any doubts at all please contact CCIT before responding to any email.

We understand that this is an inconvenience and appreciate your understanding with respect to this issue. Thank you for your assistance with this.

Phil Romig
Interim CIO / CISO

=================================

The instructions that follow are intended to minimize the disruption that can be caused when multiple devices are accessing the same system with different passwords.

To change ADIT, Multipass and Trailhead passwords simultaneously:

1. Turn off all devices other than the computer you are using. This includes phones, tablets, laptops and other computers.

2. From your computer use the link http://newuser.mines.edu/password to change your ADIT, Multipass and Trailhead passwords. You will need to know your Multipass password on this webpage. If you do not know your Multipass password but you originally used newuser to create your accounts, then it is possible that your ADIT password will work here too. If you know your EKey then go tohttp://newuser.mines.edu/ekey_password to use your EKey instead.

3. If you do not know either your Multipass password or EKey and your ADIT password does not work, then see below for an alternate course of action.

4. From your computer log into Blackboard and either select Personal Information to change your Blackboard password or select Forgot Your Password from the login screen. Note that recent activity on campus suggests that it is particularly important that your Blackboard password NOT be the same as the one you use for ADIT.

5. To change your MyMail password: either login to MyMail as usual and select Settings -> Accounts -> Google Account Settings to reset your password, or, using your EKey, visit http://newuser.mines.edu/mymail.

6. After waiting 15 minutes your password changes should propagate throughout the systems.

7. One at a time turn on each of your other devices. On each device view your mail and calendar. In each case you will be prompted for your new password. IMPORTANT NOTE: Mapped drives and printers will also have to be reconfigured.

Alternate course of action:

If this process fails or if you do not have/know your EKey, student consultants are available to assist you with changing your passwords on a walk-in basis in the Computer Commons inside CTLM (CT 156A.) Before coming in for assistance, please turn off all devices, per step 1 above and ensure that you have your Blastercard for identity verification.