Thursday, March 6, 2008

ITS Absurd Password Change

With all the computer technology that we have today, one would think computer security, which protects our everyday e-mails and online accounts, would be set and permanent. For most UNM students, setting up a UNM e-mail account and a NetID is almost a rite of passage. For each incoming student who goes through Lobo Orientation, it seems to be one of the most exciting parts for most to have their own legitimate campus e-mail, where most of us will send out a résumé or two to a future employer, use it as a learning and communication tool with teachers, or get the weekly Monday message from our UNM President. Although all of these little actions are something we do on a daily basis and rarely think twice about, something we do have to think twice about is which password goes to what account.

Now for a moment, try and think about all the numbers you have stored away in your memory. Not just the online information, but information you have for your bank accounts, your parents' birthdays, or even your address. This is all information that we have to keep track of in order to keep up with our daily activities. I know personally I have several numbers that I have to keep track of in order to do simple tasks, such as checking all three of my e-mail accounts in the morning, sending letters to friends, going home to my parents' house and having to know the alarm code, and checking my bank account online. It's the little things that we do every day that require security information, and if you do not have a cheat sheet with every password you will ever use written on it, which I would highly recommend, it can be easy to simply get passwords confused.

Narrowing it down to the passwords and e-mail accounts attached to them, the number of online sites people have is staggering. Even to listen to free online radio, listeners have to set up an account with a password to use the site. Recently, UNM's Information Technology Services sent out several e-mails to faculty and students to change their UNM user id, or NetID password, which we use for WebCT and our UNM e-mail accounts. This new password rule requires users to change their passwords every 180 days or every six months, and users will not be allowed to use a previous password. With all the passwords and e-mail accounts I have, it tends to get complicated remembering which password to use for which account, much less having to change a password I have memorized and used daily for three years. My hands are nearly trained to type the password, so having to re-train hands and memories seems so Y2K and outdated. I feel all UNM faculty and students who have a UNM NetID should not have to re-learn a new password just so ITS can claim it is keeping our information safe. My question is, how come ITS now feels like it is necessary for users to change for security reasons? And does this mean our information has not been safe all along?

While it seems nothing can be done unless users want their e-mail accounts to be inaccessible, I will be thinking of a new password similar to my current one so I can hopefully remember it along with the other passwords I have stored away. And maybe by the next six months I can re-learn and get used to this new password before I have to change it all over again. 

2 comments:

Rocky Raccoon said...

If you think about it from ITS's point of view, they are people that develop, or buy, software and test it over and over again. All this in the course of a day. Working with computers hours on end. What I'm trying to say is that they are, and I use the term loosely, 'geeks' at heart.

So whereas we have other things to worry about such as classes and a whole mess of other daily things to do, they have learned to protect their personal information easier, mostly because a lot of their personal information is on their computers. Tons of data that actually needs protecting.

We on the other hand mostly use our computers for internet surfing, creative applications, and all other things of the sort, but as far as holding our entire info in a computer we don’t keep as much.

Perhaps it’s because most tend to think in numbers and symbols. So it’s easier for them to remember ‘alarm code’ passwords faster and quicker than we do. I know for a fact that I can learn a new password quickly within a month or so, along with most of my other passwords, each with its own degree of difficulty, proportional to the amount of “important” information each site holds.

It’s just the way my mind works perhaps. Some will find what I say makes sense, while others will not. It’s just the way people’s minds work, similar yet all different in the end.

Maybe ITS doesn’t have enough information on their customers, us, to know what we really want from them. Instead they rely on their own experience or perhaps just on the reviews in choosing what system we use at UNM. We are the ones who help pay for their department in some way. So, perhaps a better base is needed, to make ITS-student relations better?

Father O'KC said...

Cat, just wait - it gets worse. I worked out at Sandia for many years. Their computer security regime uses Kerberos, a security system that as implemented requires password changing every six months or more frequently.
The passwords aren't convenient mnemonics dredged from your memory, like the name of your favorite dead pet, but they are automatically generated by the system and you choose one you think you can commit to memory. But don't write it down! That's a security infraction, and it'll get you into big trouble.
Each password typically consists of eight characters: letters (both upper and lower case), a number, and a special character like $, #, or &. Combinations like Abc1xyz$ that use all the different characters offer the highest resistance to hacking, though the sequential order of my example would never fly.
If you forget it you have to request a new series of passwords be generated for you from which you choose.
Over the years I have developed a couple of different passwords for all the various websites, on-line stores, blogs, and what-not. My highest-level password incorporates the character rules mentioned above but it is based on a mnemonic so I can keep it in my ever-more-overloaded mind.
Guess what? UNM's ITS password system doesn't accommodate that password because it uses a special character and it's too long.