Intellectually, I understand the motivation (although I doubt the regulatory excuse applies outside the context of student and medical records), but I don't like this one bit:
Dear CaneID user,
Effective immediately, the University of Miami will be enforcing a password
reset policy requiring all CaneID account passwords to be reset every 180
days. The purpose of the policy is to safeguard the confidentiality and
integrity of University data and resources, address regulatory compliance
requirements and adhere to industry best practices.
I predict more passwords stuck to post-its on computer monitors as a result.
Now all they need is to institute a similarly annoying policy to protect data backup tapes sitting in unattended storage company vehicles.
Probably better than having everyone with a password like “passwordUM” or “FroomPass” ??
Don’t knock security!
You people in Florida are responsible for the North Korean CyberTerror™ attacks that sent Rep. Peter Hoekstra into a tizzy a few days ago.
Now that the DDoS C&C has been traced back to Florida, stand by for more retaliation!
You know exactly what all this has to do with the new password change policy.
It is quite simple, you generate your password from a static string and a suffix comprised of the year and quarter.
So your first password will be Password39 and in October you change it to Password49 and so on. Capitalizing the first letter avoids the idiotic upper case requirement on some systems.
All these superstitious password practices were invented in 90-92 when the first copies of crack started to circulate and it became clear that UNIX passwords were not made more secure by not using access control to protect the password file. At the time the unix die-hards would argue against shadow passwords till they turned blue and almost died of asphyxiation. Crack ended that particular stupidity and led to panic attempts to make passwords harder to crack.
Since then computing power has increased by three orders of magnitude and using capitals or non-alphabetic chars does absolutely nothing to prevent a dictionary attack. All they do is to encourage the type of password practices that lead to failures.
A similar type of stupidity leads people to design CAPTCHAs that rely on very close shades of color – something humans find difficult but machines find really quite easy to process.
ny trth t the rmrs tht Jnt Strns gt frd ths wk?
whr dd y hr tht rmr?
Yes, this is the way my law firm works too. The password rotation used to be 30 days, but we complained it up to 60 days now. Many days my PC is so secure that I can’t log in because I can’t remember my password.
Hrd it earlier ths wk on cmps
Some administrator at UM reset my password. Now all I get is spam block spam forwarded to my email.
It doesn’t matter what the policy is as long as idiots run the asylum. Although according to the rumors this might be changing.
Think of something you like or admire or enjoy.
My thing is movies.
Now take Iron Man
and with a little substitution of
eye = one
A = @
Oh = Zero
E = 3
change the great Pepper Potts
Upper case, Numbers, all sorts of fun.
Then in 30 days go to
Tony Stark, the main hero and inventor of the Iron Man.
Don’t like movies? Try PIzza’s, brands of soda, favorite whiskey Wh15k3y
Your Turn now 40urTurnN0w
Janet is enjoying a few days vacation out of town. I imagine that when a workaholic doesn’t show up on campus for a couple of days, rumors start. But there’s nothing to it.
I am out on the Oregon Coast attending a family wedding.
I gather that while I have been here some rumors have run wild. Someone has located in a news archive the UM Law posting of a search for the UM Law School Dean of Students. This posting is 3 years old. Not sure who found it first, but it has spread like wildfire on email and facebook. I will be back at work on Tuesday morning.
I am looking forward to welcoming Dean White to UM Law School next week and working closely with her to continue to make UM Law School the very best that it can be.
See you soon!
Oh, you’re lucky. Over here it’s every 90 days…
You should change your CaneID password, if you haven’t in the last six months. In the fine print, below, you will find (1) a way of generating easy to remember and hard to guess passwords and (2) some suggestions that might help you remember your passwords.