Scheduled Service Change: Reminder: Shibboleth login block for targeted users
Event:
2024-03-12 08:00:00
Expected Duration:
2024-03-12 08:00:00
Status:
Closed
Brief Description:
Reminder: Customers using passwords with weak crypto (easily guessed, broken, or otherwise used by bad actors) will be prompted to change their passwords in order to login to Cornell sites using CUWebLogin starting on Tues, Mar 12, 2024 at 8am.
User Impact:
Customers whose account has been identified with weak crypto will see the attached blocking page after they login to shibboleth Identity Provider. Their access will be automatically be restored after changing their NetID password.
Services Affected:
Authentication and Authorization
Subsites Affected:
Identity Management
Full Description:
Reminder: The IT Security Office is taking steps to enforce strong crypto protection for Cornell NetID passwords. Updating to strong crypto is triggered when the customer next changes their NetID password using the Manage Your NetID ( https://netid.cornell.edu/ ) webpage.
Starting Tuesday, March 12, 2024, customers with weak crypto will be blocked from logging into Cornell sites through CUWebLogin (Shibboleth IDP) until they change their password, triggering the crypto update. These customers will also see a message on the CUWebLogin page letting them know about the need to change their password (see the screenshot image attached to the change ticket).
Affected individuals have been notified by targeted email. See https://it.cornell.edu/verified/10786 for the content of the targeted email.
ITSG Directors, TSPs, and the IT Service Desk have been notified about the coming change. IT support details can be seen in the document, “TSP-ITSG info - Updating NetID account strong crypto - Feb 2024” attached to the change ticket.
See also IT News, https://it.cornell.edu/news/netid-password-strong-encryption-will-require-some-users-update-passwords .
Starting Tuesday, March 12, 2024, customers with weak crypto will be blocked from logging into Cornell sites through CUWebLogin (Shibboleth IDP) until they change their password, triggering the crypto update. These customers will also see a message on the CUWebLogin page letting them know about the need to change their password (see the screenshot image attached to the change ticket).
Affected individuals have been notified by targeted email. See https://it.cornell.edu/verified/10786 for the content of the targeted email.
ITSG Directors, TSPs, and the IT Service Desk have been notified about the coming change. IT support details can be seen in the document, “TSP-ITSG info - Updating NetID account strong crypto - Feb 2024” attached to the change ticket.
See also IT News, https://it.cornell.edu/news/netid-password-strong-encryption-will-require-some-users-update-passwords .
CIT TDX ID:
1313974
Timeline of Changes
| Description | Current Status | Date | Time |
|---|---|---|---|
| Reminder: The IT Security Office is taking steps to enforce strong crypto protection for Cornell NetID passwords. Updating to strong crypto is triggered when the customer next changes their NetID password using the Manage Your NetID ( https://netid.cornell.edu/ ) webpage. Starting Tuesday, March 12, 2024, customers with weak crypto will be blocked from logging into Cornell sites through CUWebLogin (Shibboleth IDP) until they change their password, triggering the crypto update. These customers will also see a message on the CUWebLogin page letting them know about the need to change their password (see the screenshot image attached to the change ticket). Affected individuals have been notified by targeted email. See https://it.cornell.edu/verified/10786 for the content of the targeted email. ITSG Directors, TSPs, and the IT Service Desk have been notified about the coming change. IT support details can be seen in the document, “TSP-ITSG info - Updating NetID account strong crypto - Feb 2024” attached to the change ticket. See also IT News, https://it.cornell.edu/news/netid-password-strong-encryption-will-require-some-users-update-passwords . | 2024-03-07 | 11:53:29 | |
| The IT Security Office is taking steps to enforce strong crypto protection for Cornell NetID passwords. Updating to strong crypto is triggered when the customer next changes their NetID password using the Manage Your NetID ( https://netid.cornell.edu/ ) webpage. Starting Tuesday, March 12, 2024, customers with weak crypto will be blocked from logging into Cornell sites through CUWebLogin (Shibboleth IDP) until they change their password, triggering the crypto update. These customers will also see a message on the CUWebLogin page letting them know about the need to change their password (see the screenshot image attached to the change ticket). Affected individuals have been notified by targeted email. See https://it.cornell.edu/verified/10786 for the content of the targeted email. ITSG Directors, TSPs, and the IT Service Desk have been notified about the coming change. IT support details can be seen in the document, “TSP-ITSG info - Updating NetID account strong crypto - Feb 2024” attached to the change ticket. See also IT News, https://it.cornell.edu/news/netid-password-strong-encryption-will-require-some-users-update-passwords . | 2024-02-29 | 13:24:45 |