The implementation of the identity management system (IDM) is one of the major university projects of the Center for Information Technology of the UO. The aim of the project is to provide users with:

• Unification of multiple user identities into one,
• Easier and more secure management of login credentials,
• Unified and centralized management of digital identities and credentials,
• A notable increase in the security of the entire IDM.

The first observable change that will affect all university users is the creation of a new identity with a new username and password. We plan to start this change in the months of May and June. The username will be a combination of letters and numbers. The letters will be based on the user’s first and last name.

Why such a combination? Why numbers? Won’t that make the username more complicated and therefore harder to memorize? At a first glance yes – the change may seem for the worse, but it is not. It is nothing to worry about and on the contrary – some users may even find themselves grinning at the funny username they have been given. However, the essence of this change is to improve user security. It is a good idea to keep your username as distant from your person as possible. This way, the attacker has to worry not only about the password, but also the username.

The new password will have to be stronger and more secure than the current rules require. The entire process from creating an identity, handing over login credentials to blocking access and then deleting user data will also undergo a major change.

The user will be assigned a new username, but passwords to university systems are created by the user, so it is very important to create strong and secure passwords. It is therefore a good idea to follow these proven principles when creating passwords:

1. Passwords should be at least 12 to 14 characters, ideally at least 16, preferably 20. The more characters a password has, the harder it is for an attacker to obtain it through a so called brute force attack.
2. Passwords should contain a combination of upper and lower case letters, numbers and special characters such as #, %, !, $. An example of a strong password is “#5tQm$K7%zL8xP4t”.
3. It is essential to avoid using easily guessable information such as names, dates of birth, home addresses or phone numbers.
4. It is safe to create a password using a combination of words, upper and lower case letters, numbers and characters. Such passwords are called “phrase passwords”. They are easier for users to remember. An example of a strong password is „*CorrectKuNnaBatt3rieStaple!“.
5. Never use the same password for multiple accounts. If an attacker gains access to one of your accounts, they can use it to access others.
6. Do not share, publish or lend your passwords. IT specialists do not need to know them to do their jobs.
7. Once in a while, it is a good idea to consider changing passwords to access university systems. If a user does this at least once every 12 months, they will not be doing anything wrong, on the contrary, they will be improving the security of their identity.

The new identity will be used in the Microsoft IT environment. They will be able to log into his/her computer, mailbox using Outlook or the WWW interface. The same applies to the MS Teams application or OneDrive data storage, if used by the user. Other university systems will start working with the new identity gradually. We plan to complete the entire process of changing user identities in 2023. All users will be informed of all steps on a regular basis well in advance.