Is Mandatory Frequent Password Changing at Universities Effective or Overkill?

  • Thread starter: Pengwuino
SUMMARY

The discussion centers on the effectiveness of mandatory frequent password changes at California State University - Fresno, where faculty are required to change passwords every three months and cannot reuse any of their last 12 passwords. Participants express frustration over the impracticality of these rules, suggesting that they lead to predictable password patterns and potentially compromise security. The conversation highlights the challenges of password management, including the use of password lockers and the ineffectiveness of stringent password policies in enhancing security.

PREREQUISITES
  • Understanding of password management best practices
  • Familiarity with password security policies
  • Knowledge of password hashing techniques
  • Experience with password locker tools
NEXT STEPS
  • Research effective password management strategies and tools
  • Learn about password hashing algorithms and their security implications
  • Explore the psychology of password creation and user behavior
  • Investigate the effectiveness of password policies in organizational settings
USEFUL FOR

IT professionals, security analysts, educators, and anyone involved in managing or implementing password policies in educational institutions or organizations.

  • #31
rhody said:
Pengwuino;

If you have friends in the IT Dept they can reset your pwd to what you prefer for you.
Don't ask how I know this... hehehe

This is nonsensical. People in IT Departments have no friends.
 
  • #32
BobG said:
The passwords on the computer system I use are pretty sophisticated.

1. The password has to be at least 37 characters long and the number of characters has to be a prime number.
.
.
.
17. When logging on, you have 3 attempts to type your password in correctly. Typing in your password incorrectly 3 times will result in the entire system shutting down in a security lock down. You will need to read the installation computer security regulations in their entirety and pass a 100 question multiple question on-line test before being issued a new password. Logging in incorrectly 3 times and bringing the system to a halt twice in a 721 day period will result in termination of employment, along with expungement of all past and present passwords from your memory.

So basically, your entire company uses pencil and paper?
 
  • #33
Pengwuino said:
This is nonsensical. People in IT Departments have no friends.

I WAS the IT department of a very large multi-location ophthalmic practice. I had friends. Some people got ticked off at me when I enforced company policy on software, personal use, etc, but they all cozied right up when I was the only one available to get their PCs running right again and they were on deadlines.
 
  • #34
turbo-1 said:
I WAS the IT department of a very large multi-location ophthalmic practice. I had friends. Some people got ticked off at me when I enforced company policy on software, personal use, etc, but they all cozied right up when I was the only one available to get their PCs running right again and they were on deadlines.

1 person department? Doesn't count! :P
 
  • #35
Yep. We had offices in 6 towns and cities, interconnected with dedicated lines. Two of the offices had only one ophthalmologist on staff - the larger offices had maybe 8-10 docs, along with some optometrists, opticians, medical assistants and large clerical staffs. For IT, I was the only game in town(s).
 
  • #36
Our IT requires those sorts of frequent password changes too. I also do as Ivan suggests, and just keep changing a number in the password sequentially, except on the account that only uses a 6 character password...EXACTLY. That one is annoying...not 6 to 8, not at least 6, but exactly 6. I'm starting to run out of ideas for that one.

I like CSFITSUCKS! as a password though...I may need to adapt that one locally on the account that I always have to call for password resets on. :biggrin: As if the IT people don't hate me enough already. :smile:
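
The habit described in post #36 (bumping a number each time) set against the "no reuse of the last 12 passwords" rule from the thread summary, as an added example that is not part of any post: a history of salted hashes can only test for exact reuse, so every incremented password passes, while a comparison made at change time, when the form supplies both plaintexts, catches it. The class and function names, the sample password, and the reduced PBKDF2 iteration count are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import re
from collections import deque

HISTORY_DEPTH = 12     # policy from the thread: no reuse of the last 12
ITERATIONS = 20_000    # assumption: kept low so the demo runs quickly


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class PasswordHistory:
    """Stores only salted hashes of the most recent passwords."""

    def __init__(self):
        self._entries = deque(maxlen=HISTORY_DEPTH)  # oldest entry drops off

    def remember(self, password: str) -> None:
        salt = os.urandom(16)
        self._entries.append((salt, _hash(password, salt)))

    def is_reused(self, candidate: str) -> bool:
        # Exact-match test only: a salted hash says nothing about how
        # similar the candidate is to an earlier password.
        return any(hmac.compare_digest(_hash(candidate, salt), digest)
                   for salt, digest in self._entries)


def is_trivial_variant(current: str, new: str) -> bool:
    """Change-time check: both plaintexts are available on the form."""
    def strip_digits(p: str) -> str:
        return re.sub(r"\d+", "", p).lower()
    return strip_digits(current) == strip_digits(new)


def simulate_rotations(base: str, rounds: int):
    """Constructed scenario: the user bumps a trailing number each quarter.
    Returns (blocked_by_history, flagged_as_variant) for every change."""
    history = PasswordHistory()
    current = f"{base}1"
    history.remember(current)
    results = []
    for n in range(2, rounds + 2):
        new = f"{base}{n}"
        results.append((history.is_reused(new),
                        is_trivial_variant(current, new)))
        history.remember(new)
        current = new
    return results
```
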
 
  • #37
When I worked at Brooks College we had to change our passwords every few months too. Fortunately the IT department never wanted to have to deal with anything that they had not decided to do themselves so they made it easy on us and we could switch back and forth between two passwords.

MotoH said:
I like the idea of a small RFID device implanted in the hand, which will allow you to log onto the company's computers. Each one has its own profile, and the IT people can set it up as to what your access is.

It would have to be a device instead of just a tag. The code would likely need to be changed frequently unless they have figured out a way to keep third parties from scanning tags.
 
