By Emerald Bensadoun
From unlimited Google Drive storage space, to having a university-approved email address to submit to employers, having a student email account comes with a variety of perks for many students at Ryerson.
Now, thanks to the school’s new alumni Gmail policies you can keep your Ryerson email account for even longer after graduation.
Until last year, even if a student had only taken one course during their time at Ryerson, they could still have full access to their accounts for up to five years after graduating. Long after five years had passed, many students were still able to log into to their my.ryerson portals, using their student numbers as usernames in order to access transcripts, tax statements and other useful bits of information.
On March 10, 2017, Ryerson’s Computing and Communications Services (CCS) sent a mass email to students explaining they’ve changed the five-year limit to one year with free yearly renewals for alumni. And yes, that renewal includes the infinite amount of Google Drive storage space. Any student who has graduated or completed a program in or after 2012 and currently has a Ryerson account will automatically receive a renewal link via email, and can continue renewing their accounts forever. In 2017 approximately 10,000 people renewed their access.
So, why the change?
Ryerson Chief Information Officer Brian Lesser said 1,170 Ryerson email accounts were hacked in 2014.
Ryerson was “really alarmed” by the number of accounts that were hijacked, Lesser said. “I kind of lost all my composure,” he said. “We brought people into a room and I said ‘I don’t care how busy we are—we were really busy—I don’t care. We need to figure this out and do something.’”
According to Lesser, hijacking occurs for two main reasons. The first is that inactive accounts become easy prey for attackers looking to send spam. Too much spam, Lesser said, could become “dangerous” and potentially lead to individuals and larger companies refusing to accept email from the university.
The second stems from people attempting to breach firewalls to gain access into an international library from around the world looking for scholarly journals that are only free on academic databases. Lesser said these hijackers are most likely students studying at universities from different parts of the globe who wouldn’t be able to afford those journals on their own.
Upon further review, Lesser said the CCS determined a majority of the accounts being compromised were older with weaker passwords. In the early 2000s, Lesser said password requirements were much more lax than they are now. Others, he said, were from accounts in which students were found using the same password for multiple accounts, including Facebook, Yahoo and personal emails.
Since then, Ryerson has introduced more complex password rules and encouraged students to adopt two-factor authentication on their Ryerson accounts. That security feature requires users to log in with a unique code generated on a mobile device, thereby ensuring that even if a person guesses an account’s password, they’re still missing part of the key to get in.
In 2015, the number of compromised accounts Ryerson detected went from 1,170 to 249. In 2017, that number dropped to 198.
“Forcing people to renew their accounts if they’re alum gives us an opportunity to make sure that those accounts are still being used and if they’re not will be disabled,” said Lesser. “Now we’re just trying to reduce the attack surface and keep knocking down the number of hijacked accounts.”