The SI have been operating a centralized authentication system since February 2006, that is, a single identification system, which allows all Técnico users to access the various IT services, using the same authentication credentials – the same username and keyword.
Given the degree of criticality of this password, which allows access to multiple Técnico services, the following rules were established:
- The keyword is personal and non-transferable. The transfer of the password to third parties, whether internal or external to IST, is strictly prohibited and an act subject to investigation and disciplinary proceedings. If such transfer results in the illegitimate processing or authorization of administrative procedures or irregular viability of academic acts, IST may initiate criminal proceedings against the active or passive authors of the transfer.
- The password must be renewed periodically by the user. If this does not happen spontaneously, the system requests the change of password after a given time (about 15 months).
- The password must have at least eight characters and three distinct variants (upper case letters, lower case letters, numbers and punctuation).
The SI are aware that the periodic and mandatory change of passwords is an uncomfortable procedure for most users and is often involved in some controversy about the real security it guarantees. We are, however, convinced that this is an essential process to prevent passwords from being tampered with, taking into account the high number of times they are used daily at Técnico and the fact that expeditious means are often used to avoid their explicit reintroduction ( namely, memorization in browsers) whose intrinsic security is limited. Therefore, this process is considered indispensable for operational and safety reasons.