
Forceful changing of passwords

  1. Feb 14, 2010 #1


    Gold Member

    Good God. Apparently California State University - Fresno's (and yes I'm intentionally naming names) IT department is full of CRAP. Maybe this is just because I became "faculty" but ever since last semester they have required we change our passwords to log into their systems (for emails, class stuff, online course work, everything) every 3 months. That's fine but the thing that pisses me off is that they demand you use a new password every time that's checked against your last 12 passwords. In other words I can't use the same password for the next 4 years. 4 YEARS!!!! Seriously, I use the same/similar passwords for most of my accounts and I've never ever had an account compromised. Ever. Anywhere.

    Sometimes I think the IT department is actually the special ed department in disguise.
  3. Feb 14, 2010 #2

    Ivan Seeking

    Staff Emeritus
    Science Advisor
    Gold Member

    Just keep adding the same character, like an "S", to your existing password.

    I suggest starting with CSFITSUCKS
  4. Feb 14, 2010 #3
    I need a password like that. What is it?
  5. Feb 14, 2010 #4


    Gold Member

    Oh it depends, if it's anything financially related it's .... wait a minute. you sneaky little...

    Now you're thinking! Or I can use my normal password and slowly add letters. First one will be I, then T, then C-A-N-S-U-C-K-I-T. That'll last me probably long enough until I'm out of grad school and have lost my actual need to have an email for the university.
  6. Feb 14, 2010 #5
    concatenate favoritepassword and mmyy datecode :shy:
  7. Feb 14, 2010 #6
    Just add a number to the end of your password and do an increment of one to the password every time they ask you to change it if you are not so psyched about security.
    Last edited: Feb 14, 2010
  8. Feb 14, 2010 #7


    Gold Member

    Yah I probably should. PenguinLover1 it is.
  9. Feb 14, 2010 #8

    Ben Niehoff

    Science Advisor
    Gold Member

    What's funny is that, while you may not use a password identical to any previous ones, you are allowed to change just one letter...it doesn't really add more security that way, since if someone knows "PenguinLover1", it's not too hard for them to guess "PenguinLover2".

    However, it's actually impossible to design a system that can check for something more general than merely exactly matching previous passwords. The reason is that the password must be stored by using an irreversible (in principle) hash map...and that hash map must be such that it maps close strings to distant strings (where distance is some metric of how much the strings match). Therefore the best the system can do is take password2, hash it, and see if it matches the stored hash for password1.
  10. Feb 14, 2010 #9
    Hmm. I'd bet that there are a few people who might follow a somewhat predictable pattern when forced to change passes so frequently. I'd question the safety of such a requirement; they'd better have that password database very secure.
  11. Feb 15, 2010 #10



    Staff: Mentor

    We have the same password rules at work, so we all keep a list of all of our passwords on a sheet management gave us so we can keep track of them and keep it next to our computer. Most of us also keep a list electronically in our computers in a folder cleverly disguised with the name "passwords".
  12. Feb 15, 2010 #11


    Gold Member

    You are in love!!! Wuahahaaahaa :rofl: aaahaaa
    So, who is it? A fish :biggrin:
  13. Feb 15, 2010 #12

    D H

    Staff Emeritus
    Science Advisor

    Similar password rules exist where I work. Their password checker is even more stringent. If one's password is PenguinLover1 one month, changing it to PenguinLover2 the next won't work. Moreover, if one has multiple accounts (e.g., an account for receiving Microstuff mail, another account for lab A, another account for lab B, etc.), the passwords have to be different in each system, have to be changed on an annoyingly regular basis, and can't have any words in them. Passwords have to be random forgettable nonsense.

    Oh yes, they can't be written down or stored anywhere. IT people can be incredibly dense. Their rules cannot be followed. As a result, people go out of their way to keep their passwords the same on different systems, or write them down, or put them in a file conveniently called passwords, or mail the passwords to themselves, unencrypted of course.

    IT people do realize that people do forget their passwords. For example, I can call the helpless desk over the phone and ask for a password reset. This happens so often that the helpless desk will reset my password without asking for my address, my mother's maiden name, or any other silly nonsense that proves that I am who I claim to be.
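
The hash-based history check described in post #8 and the stricter checker reported in post #12, side by side, as an added example that is not from the thread or from any system it mentions. It assumes salted PBKDF2 records and one possible design for the stricter check: at change time the new password is available in plaintext, so predictable earlier forms of it can be derived, hashed and compared against the stored history. All function names and the sample passwords' use here are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 1_000  # demo value (assumption); production settings are far higher


def hash_password(password, salt=None):
    """Return (salt, digest); only this pair is stored, never the plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def matches(password, record):
    """Re-hash the candidate with the record's salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def exact_reuse(new_password, history):
    """The check from post #8: only an identical password matches a stored hash."""
    return any(matches(new_password, rec) for rec in history)


def near_variants(password):
    """Earlier passwords this one may have been derived from by a trivial edit."""
    variants = set()
    stem = password.rstrip("0123456789")
    if stem != password:                      # trailing counter, e.g. ...Lover2
        width = len(password) - len(stem)
        variants.add(stem)
        for n in range(10 ** min(width, 2)):  # other values of the counter
            variants.add(f"{stem}{n}")
            variants.add(f"{stem}{n:0{width}d}")
    for cut in range(1, 4):                   # characters appended at the end
        variants.add(password[:-cut])
    variants.discard(password)
    variants.discard("")
    return variants


def near_reuse(new_password, history):
    """Hypothetical stricter check: hash each variant against the history."""
    return any(matches(v, rec)
               for v in near_variants(new_password) for rec in history)


# Constructed sample history holding one old password's salted hash.
HISTORY = [hash_password("PenguinLover1")]
```

The stored hashes stay irreversible; the work is done on the new plaintext, so the cost is one hash per variant per history entry.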

  14. Feb 15, 2010 #13


    Homework Helper

    I usually just follow a string of digits for the decimal expansion of say, [itex]\pi[/itex] or [itex]\sqrt{2}[/itex]. I can cope with quite a few password changes since I know quite a few random irrational numbers to enough decimal places.

    I just hate when they require at least 1 number in a password. Everyone knows the average user is just going to add a one at the end of their original all-word pass.
  15. Feb 15, 2010 #14


    Gold Member


    If you have friends in the IT Dept they can reset your pwd to what you prefer for you.
    Don't ask how I know this... hehehe

    If you use Firefox, under Tools, Options, Security, it lets you create a master pwd, then enter the URL's, ID's and pwds as needed.

    For more security, just google, password lockers, and there are a number of free ones out there too... fairly secure, encrypted, the only caveat is you must remember the location and master password. Not too hard to do.

    Good luck in whatever method you choose...

    If it were me, and I had 5 to 15 of them to remember, I would use a password locker...

    Last edited: Feb 15, 2010
  16. Feb 15, 2010 #15
    I hate IT departments in general. You would rather jump off a bridge and die than deal with an IT department.
  17. Feb 15, 2010 #16



    Staff: Mentor

    There was a time when even OUR IT dept. required frequent password changes. My PF password ends with 7.
  18. Feb 15, 2010 #17


    Science Advisor
    Homework Helper

    It's one of the first laws of computer (or pretty much anything) security.
    All attempts to make it more secure by insisting on passwords too long to remember or monthly password changes make the system less secure.

    Physical security is the same, you replace an intelligent receptionist who knows everyone in the dept, with a mall-cop security guard who lets somebody load all the computers into a van because they had clipboards and uniforms (happened at my college - the machines never even got unpacked)
  19. Feb 15, 2010 #18



    Staff: Mentor

    Problem is, this law is known only to users. For some reason IT security specialists are trained to ignore it.
  20. Feb 15, 2010 #19


    Science Advisor
    Homework Helper

    The passwords on the computer system I use are pretty sophisticated.

    1. The password has to be at least 37 characters long and the number of characters has to be a prime number.
    2. Your password can't be the same, or similar, to your last 17 passwords (and again, I think there's some significance to the number of past passwords being a prime number). Up to 5 characters of any of your last 11 passwords can be used in your new password, but they can't be used in the same or a similar pattern.
    3. You can't have any part of your password replicate any pattern used earlier in your password. (in other words, I can't create an easy 7 letter password and type it 6 times).
    4. You have to use a minimum of 3 special characters and no special character can be used more than 3 times in the same password.
    5. You have to use a minimum of 3 numbers and no number can be used more than 3 times in the same password.
    6. You have to use a minimum of 3 upper case letters and no upper case letter can be used more than 2 times in the same password.
    7. You have to use a minimum of 3 lower case letters and no lower case letter can be used more than 4 times in the same password.
    8. The characters in your password cannot match the first letters of any phrase used in the Bible.
    9. The characters in your password cannot match the first letters of any phrase used in the Quran.
    10. The characters in your password cannot match the first letters of any phrase used in any of the books in the Congressional Library.
    11. The characters in your password cannot match the first letters of the 19 most commonly used English vulgar phrases.
    12. No two users can have the same password, nor can the system reveal to any user that their password matches the password of any other user.
    13. No two characters of your password can be adjacent to each other.
    14. The characters in your password cannot match the pattern of any legal poker hand.
    15. The physical pattern formed by any two characters can't match any legal moves in the game of chess, checkers, chinese checkers, Go, Sorry!, or Twister.
    16. Your password must be changed at least 4 times a month, but the number of days between each password change cannot match the number of days between any other password changes over the last 3 months, excepting leap years, when the number of days between each password change must not match the number of days between the last 11 password changes.
    15. You may not write down your password. Your keyboard must be hidden from view when changing your password or, in the event it's impossible to hide your keyboard, the lights must be turned off while changing your password.
    16. Music or other white noise must be present while changing your password to prevent anyone from determining which keys you're pressing by listening to the sound of your keyboard.
    17. When logging on, you have 3 attempts to type your password in correctly. Typing in your password incorrectly 3 times will result in the entire system shutting down in a security lock down. You will need to read the installation computer security regulations in their entirety and pass a 100 question multiple question on-line test before being issued a new password. Logging in incorrectly 3 times and bringing the system to a halt twice in a 721 day period will result in termination of employment, along with expungement of all past and present passwords from your memory.

    Most of the time, we sit around the workcenter drinking coffee and BSing about American Idol, just praying no one walks in and asks us to do any work, since that would require logging in to the system and none of us can remember our password. Fortunately for us, anyone that might possibly ask us to do some work has to use the same computer system as us and they can't log in either.

    Our computer tech folks earned the International Computer Security Association's McAfee Award for having the best morale of any IT section in the Northern Hemisphere (they were runner-up to an IT section in New Zealand for the world championship in morale). They also earned a Demeter Workcenter Efficiency Award for an online, computer help system that reduced complaints to zero.
  21. Feb 15, 2010 #20
    So instead of just having the same single password in your memory and not written down anywhere, you're forced to have your passwords written down in several different places. That sounds a lot more secure to me.