On January 30, 2020, UTK staff, faculty, and student employees were notified by email that they must reset their NetID password. This is a legitimate email sent from Joel Reeves, Associate Vice Chancellor and Chief Information Officer. All affected employees will receive password expiration reminders as their password expiration approaches. If you do not change your NetID password by this date, your NetID password will expire.
Many have expressed their concerns as they are already enrolled in two-factor authentication. They have reset their NetID password to a password that is between 12-16 characters, and the password should meet the requirements to no longer expire. Two-factor authentication indeed allowed us to change our policy on changing passwords. However, in light of the recently announced security threat on a commercially purchased system, it is from an abundance of caution that we are requiring NetID passwords to be changed.
Even with the additional layer of protection that two-factor authentication offers, there are still systems across the many departments at the university that are not protected by two-factor authentication. Despite all the security measures in place on your account, a breach, though rare, is still possible. The university has an obligation to help detect and fix any security incident that may be found on your account in an effort to keep you and your data safe. This security threat on one of the University’s commercially purchased systems can be compared to the issues companies like Target and Home Depot have faced during the past few years. Your UT NetID account is no exception. When the university is made aware of a security incident, we want to make sure we follow precautions to prevent a compromise of your data.