11/30/2004: BOL Secure Authentication NOW REQUIRED

Information and configuration instructions are available here. If you are having problems configuring your email client, please call the BOL Help Desk at 310-267-4357, option 1. You can use webmail at https://mail.ucla.edu in the interim.

We apologize for any inconvenience this may cause.

Original Notice

In order to provide you with a secure computing environment, clear-text password authentication for all of Bruin OnLine's services will be disabled by the second week of winter quarter, on Wednesday, January 12th at 12:00 midnight. Affected services will include the news server (NNTP), file transfer protocol (FTP), and mail services (POP, IMAP, SMTP). All of BOL's currently supported software applications offer encryption options, primarily SSL/TLS (Secure Sockets Layer/Transport Layer Security), which will need to be enabled in order for you to continue using them.

Currently, users authenticate to BOL's services by submitting username and password as clear text across the network. Unfortunately, this provides hackers with network access a means to intercept usernames and passwords, which can then be used for malicious purposes. Eliminating clear text submission of authentication credentials will remove one path of attack and increase security for all BOL users.

Beginning at 12:00am, Wednesday, December 15th, the Bruin OnLine FTP servers will begin requiring encrypted authentication. Additionally, beginning at 12:00am, Wednesday, January 12th, 2005, the Bruin OnLine news (NNTP) and mail servers will begin requiring encrypted authentication.

The remainder of this message was deleted as the installation and configuration instructions have been superseded here.