Yuk

Intellectually, I understand the motivation (although I doubt the regulatory excuse applies outside the context of student and medical records), but I don't like this one bit:

Dear CaneID user,

Effective immediately, the University of Miami will be enforcing a password
reset policy requiring all CaneID account passwords to be reset every 180
days. The purpose of the policy is to safeguard the confidentiality and
integrity of University data and resources, address regulatory compliance
requirements and adhere to industry best practices.

I predict more passwords stuck to post-its on computer monitors as a result.


14 Responses to Yuk

  1. Josh says:

    Now all they need is to institute a similarly annoying policy to protect data backup tapes sitting in unattended storage company vehicles.

    https://www.discourse.net/archives/2008/04/shalalas_message_on_umiami_employee_medical_data_privacy_breach.html

  2. Chuck says:

    Probably better than having everyone with a password like “passwordUM” or “FroomPass” ??

  3. steven says:

    Don’t knock security!

    You people in Florida are responsible for the North Korean CyberTerror™ attacks that sent Rep. Peter Hoekstra into a tizzy a few days ago.

    A key Republican lawmaker on Thursday urged President Obama to launch a cyber attack against North Korea, or increase international sanctions against the communist country, in the wake of an unknown hacker’s denial-of-service attacks on U.S. and South Korean websites.

    Rep. Peter Hoekstra (R-Michigan), the lead Republican on the House Intelligence Committee, said the U.S. should conduct a “show of force or strength” against North Korea for a supposed role in a round of attacks that hit numerous government and commercial websites this week.

    Now that the DDoS C&C has been traced back to Florida, stand by for more retaliation!

    You know exactly what all this has to do with the new password change policy.

  4. PHB says:

    It is quite simple, you generate your password from a static string and a suffix comprised of the year and quarter.

    So your first password will be Password39 and in October you change it to Password49 and so on. Capitalizing the first letter avoids the idiotic upper case requirement on some systems.

    All these superstitious password practices were invented in 90-92 when the first copies of crack started to circulate and it became clear that UNIX passwords were not made more secure by not using access control to protect the password file. At the time the unix die-hards would argue against shadow passwords till they turned blue and almost died of asphyxiation. Crack ended that particular stupidity and led to panic attempts to make passwords harder to crack.

    Since then computing power has increased by three orders of magnitude and using capitals or non-alphabetic chars does absolutely nothing to prevent a dictionary attack. All they do is to encourage the type of password practices that lead to failures.

    A similar type of stupidity leads people to design CAPTCHAs that rely on very close shades of color – something humans find difficult but machines find really quite easy to process.

  5. John says:

    ny trth t the rmrs tht Jnt Strns gt frd ths wk?

  6. overjoyed at that rumor says:

    whr dd y hr tht rmr?

  7. Bret Fausett says:

    Yes, this is the way my law firm works too. The password rotation used to be 30 days, but we complained it up to 60 days now. Many days my PC is so secure that I can’t log in because I can’t remember my password.

  8. John says:

    Hrd it earlier ths wk on cmps

  9. Student who apparently will not be getting anymore emails from the alumi office asking for $$$ says:

    Some administrator at UM reset my password. Now all I get is spam block spam forwarded to my email.

    It doesn’t matter what the policy is as long as idiots run the asylum. Although according to the rumors this might be changing.

  10. Chuck says:

    Think of something you like or admire or enjoy.
    My thing is movies.
    Now take Iron Man
    and with a little substitution of
    eye = one
    A = @
    Oh = Zero
    E = 3
    change the great Pepper Potts
    to
    P3pp3rP0ts

    Upper case, Numbers, all sorts of fun.
    Then in 30 days go to
    T0n4St@rk
    Tony Stark, the main hero and inventor of the Iron Man.
    Don’t like movies? Try pizzas, brands of soda, favorite whiskey Wh15k3y
    Your Turn now 40urTurnN0w
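
The two habits described in comments 4 and 10 (a fixed word with a rotating suffix, and a dictionary word with character substitutions) are both things a password-change form can test for. The sketch below is an added example, not part of the original post or its comments; the function names are hypothetical and the wordlist is a constructed sample.

```python
import itertools
import string

# Substitutions used in the comments above (1=i, @=a, 0=o, 3=e, 5=s, 4=y);
# 4=a, $=s and !=i are added here as common variants (assumption).
LEET = {"1": "i", "!": "i", "@": "a", "0": "o", "3": "e",
        "5": "s", "$": "s", "4": "ay"}
SUFFIX_CHARS = string.digits + string.punctuation

# Constructed sample wordlist; a real deployment would load a large
# dictionary or breached-password list instead.
WORDLIST = {"password", "whiskey", "tonystark", "pepperpotts", "ironman"}


def stem(pw):
    """Lower-case the password and drop a trailing run of digits/symbols."""
    return pw.lower().rstrip(SUFFIX_CHARS)


def skeletons(pw):
    """All plain-letter readings of pw, with and without its suffix."""
    out = set()
    for base in {pw.lower(), stem(pw)}:
        options = [LEET.get(ch, ch) for ch in base]
        if sum(len(o) > 1 for o in options) > 8:  # bound the expansion
            continue
        out.update("".join(c) for c in itertools.product(*options))
    return out


def check_change(old, new, wordlist=WORDLIST):
    """Return the reasons a proposed password change should be refused.

    The old password is available in clear text only at change time,
    when the user types it to authorise the change.
    """
    reasons = []
    if stem(old) and stem(old) == stem(new):
        reasons.append("only the suffix changed")
    if skeletons(new) & set(wordlist):
        reasons.append("dictionary word after undoing substitutions")
    return reasons
```
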

  11. michael says:

    Janet is enjoying a few days vacation out of town. I imagine that when a workaholic doesn’t show up on campus for a couple of days, rumors start. But there’s nothing to it.

  12. Janet Stearns says:

    Hello all:
    I am out on the Oregon Coast attending a family wedding.

    I gather that while I have been here some rumors have run wild. Someone has located in a news archive the UM Law posting of a search for the UM Law School Dean of Students. This posting is 3 years old. Not sure who found it first, but it has spread like wildfire on email and facebook. I will be back at work on Tuesday morning.

    I am looking forward to welcoming Dean White to UM Law School next week and working closely with her to continue to make UM Law School the very best that it can be.

    See you soon!

  13. John Flood says:

    Oh, you’re lucky. Over here it’s every 90 days…

  14. new energy says:

    You should change your CaneID password, if you haven’t in the last six months. In the fine print, below, you will find (1) a way of generating easy to remember and hard to guess passwords and (2) some suggestions that might help you remember your passwords.
