10 Replies - 771 Views - Last Post: 24 January 2011 - 10:18 AM

#1 Riskinit  Icon User is offline

  • D.I.C Head

Reputation: 5
  • View blog
  • Posts: 157
  • Joined: 14-January 10

Dealing with the campus tech department.

Posted 21 January 2011 - 04:02 PM

Is it even plausible that my tech department would consider changing the password policy? Basically right now everyones password has to be a minimum of 8 characters, one of which must be a capital letter and at least one that must be a number. Not that the policy is unreasonable but it is a hassle to have to type in a password that I don't need. (ie Anything of mine worth breaking into isn't worth breaking into.)

My thoughts are that if you have important information you should know enough to make a tough password. What are other peoples thoughts on this?

(Also, we can't re-use passwords and have to change our password every 180 days.) Like I said, not a big problem just an inconvenience that I have to deal with every single day. (Like when you want to drive fast on a highway but everyone is blocking you. Not a big problem but a nuisance.)

Is This A Good Question/Topic? 0
  • +

Replies To: Dealing with the campus tech department.

#2 no2pencil  Icon User is offline

  • Head MFIC
  • member icon

Reputation: 5063
  • View blog
  • Posts: 26,437
  • Joined: 10-May 07

Re: Dealing with the campus tech department.

Posted 21 January 2011 - 04:06 PM

View PostRiskinit, on 21 January 2011 - 06:02 PM, said:

Is it even plausible that my tech department would consider changing the password policy?

If you have to ask, the answer is a most likely no.

View PostRiskinit, on 21 January 2011 - 06:02 PM, said:

we can't re-use passwords and have to change our password every 180 days

<sarcasm>
Nothing is more secure than when users write down their password & stick it to their monitor.
</sarcasm>
Was This Post Helpful? 1
  • +
  • -

#3 Riskinit  Icon User is offline

  • D.I.C Head

Reputation: 5
  • View blog
  • Posts: 157
  • Joined: 14-January 10

Re: Dealing with the campus tech department.

Posted 21 January 2011 - 04:13 PM

Quote

Nothing is more secure than when users write down their password & stick it to their monitor.


I can't tell if this is really sarcasm or not. >.>

I'd agree with the comment though. On a side though I feel that nobody really makes their passwords random.

Like if I wanted my password to be riskinit.

I could just make my campus password Riskin1t.

The perceived safety seems high but not that much higher.
Was This Post Helpful? 0
  • +
  • -

#4 no2pencil  Icon User is offline

  • Head MFIC
  • member icon

Reputation: 5063
  • View blog
  • Posts: 26,437
  • Joined: 10-May 07

Re: Dealing with the campus tech department.

Posted 21 January 2011 - 04:20 PM

I feel that security is removed by forcing members to change their password, or by over complicating the password rules. If a password is too easy, then it can be guessed, sure. But 8 characters, & force the password to contain a number, & it should be good enough in my opinion. At that point one would need to intercept transmission, or gain access to the back-end processing to capture passwords. & also at that point the responsibility is no longer on the account holder, but on administration. Forcing people to change their passwords will result in them eventually writing them down. & at that point the account has little to no security.
Was This Post Helpful? 1
  • +
  • -

#5 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 5951
  • View blog
  • Posts: 23,214
  • Joined: 23-August 08

Re: Dealing with the campus tech department.

Posted 21 January 2011 - 04:42 PM

So ridiculous. My work has a policy -- which no one was made aware of, nor is there any warning -- of requiring an Exchange password change about every 90 days. No message saying "Time to Change Your Password", just one day you can't log in to Exchange and need to open a ticket to get them to reset your password. This policy is not even elucidated anywhere, it just is what it is. We've now resorted to setting an 85-day recurring event in Outlook to remind us to change our password before we're shut out.
Was This Post Helpful? 0
  • +
  • -

#6 hookiethe1  Icon User is offline

  • D.I.C Lover

Reputation: 415
  • View blog
  • Posts: 1,335
  • Joined: 28-September 10

Re: Dealing with the campus tech department.

Posted 21 January 2011 - 05:26 PM

Yeah I have to change mine every 3 months at work. A good trick I read a while back is to think of some phrase or quote or whatever and use it's acronym, it's often easier to remember and results in a truly nonsensical jumble of letters. I also do the old sub certain numbers or symbols for letters trick and I can usually come up with something that's dead easy to remember and makes absolutely no sense to anyone else.
Was This Post Helpful? 0
  • +
  • -

#7 mostyfriedman  Icon User is offline

  • The Algorithmi
  • member icon

Reputation: 725
  • View blog
  • Posts: 4,471
  • Joined: 24-October 08

Re: Dealing with the campus tech department.

Posted 22 January 2011 - 02:57 AM

My university's IT department has the same policy when it comes to passwords. The thing that pisses me off is that you are forced to change the password after a while otherwise it expires and then you have to reset it from the campus, you can't do it from your personal computer. I know its good to change passwords on a periodic basis, but I don't like to be forced to do it.
Was This Post Helpful? 0
  • +
  • -

#8 SpeedisaVirus  Icon User is offline

  • Baller
  • member icon

Reputation: 114
  • View blog
  • Posts: 855
  • Joined: 06-October 08

Re: Dealing with the campus tech department.

Posted 22 January 2011 - 08:24 AM

You shouldn't complain about the password policy. It's better than a lot of places. My last help desk job had a similar policy but there was no notification of expiration...I'd say about a 3rd of our calls were related to the fact passwords would expire and there was no indication of why they couldn't log in or what to do about it.
Was This Post Helpful? 0
  • +
  • -

#9 5thWall  Icon User is offline

  • Occasional Member

Reputation: 31
  • View blog
  • Posts: 529
  • Joined: 17-September 08

Re: Dealing with the campus tech department.

Posted 23 January 2011 - 09:40 PM

My university doesn't require most students to change their passwords on a regular basis, but employees and student workers need to change it once in a while, we usually get a 5day countdown and can change it over the web, so it's not really that much of a problem. There are also some rules about capitals, numbers, special characters, length, which I've never had to worry about.

<aside>
Personally the only password policy I've have a problem with is for my "we conform to the industry standard for security on this site" gas company. Their password policy consists of (as far as I know) not publishing the damned password guidelines, silently shortening my password to the maximum length, and then storing my password in plaintext. :censored:
</aside>

Even as a student you probably have access to your own grades, financial, and non-directory contact information. Do you use your school email for anything remotely important? Don't you think any of that is worth protecting? I claim, if you've passed any sort of higher level math class, you've probably had to memorize harder things than an 8 character string with a single capital and a single number, and with a greater frequency than once every 180 days. So is it really that much of an inconvenience?

This post has been edited by 5thWall: 23 January 2011 - 09:41 PM

Was This Post Helpful? 0
  • +
  • -

#10 rgfirefly24  Icon User is offline

  • D.I.C Lover
  • member icon


Reputation: 260
  • View blog
  • Posts: 1,417
  • Joined: 07-April 08

Re: Dealing with the campus tech department.

Posted 24 January 2011 - 07:43 AM

where I work we are not only required to change our passwords every 45 days, but we also have to make sure that we let the Corporate IT guys know that we still work here every 90 days or else they lock our username. The worst part of this is that there is no notification of username expiration, so we had to create our own AD interface that will email managers when usernames are about to expire.
Was This Post Helpful? 0
  • +
  • -

#11 Curtis Rutland  Icon User is online

  • (╯□)╯︵ (~ .o.)~
  • member icon


Reputation: 4310
  • View blog
  • Posts: 7,463
  • Joined: 08-June 10

Re: Dealing with the campus tech department.

Posted 24 January 2011 - 10:18 AM

I honestly don't think that password policy is unreasonable. Changing your password once every half-year? My work makes me do it every 90 days, and we can't reuse any of the last five.

Eight characters, one capital and one number. That's not over-complicated at all. It keeps people from using "password" as their password, or "abcde" or "qwerty". You'd be damn surprised at how many people do just that.

Though some people are just hopeless from the get-go. At my last company, before I was laid off I started doing help desk. This company had no enforced password changes. We had let go of the network admin, and since he knew so many passwords, we forced a global change. I had to go desk to desk to help these people change their passwords, and at at least one in three's desk, I found a sticky somewhere with their old password.

Under the keyboard was most common, but behind the monitor was common as well. Under the desk was less common but it happened. One lady just went to a notebook on her desk and opened the cover. There it was written down.

My point is, it doesn't matter how relaxed a security policy is. Some people are going to violate it. But yours isn't all that restrictive. It's actually pretty good.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1