Computing and Information Services launched a new MyCourses login Friday in response to a tip from a computer science student about a security vulnerability.
Prior to the change, anyone could capture a login ID and password when a user signed into MyCourses. Login information allows access to an individual's personal data through Brown websites such as Banner.
But those outside the University community likely would not know about those sites, said David Sherry, chief information security officer for CIS.
The University has been gradually transitioning to the new login system, Shibboleth, since 2009. Because the Shibboleth system carries users' credentials across Brown websites without requiring repeated authentication, Sherry recommended students and faculty close internet browsers when finished, especially on public computers.
CIS announced the change to the campus community on the MyCourses login screen, on the CIS blog and in a Morning Mail post.
CIS members monitored the new login system over the weekend, and the change was "flawless," Sherry said. "We didn't expect technical issues, and there were no technical issues," he said.
