Go Back   Hardware Canucks > SOFTWARE > O/S's, Drivers & General Software

    
Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old February 19, 2008, 10:25 AM
Top Prospect
 
Join Date: Dec 2007
Location: London, Ontario Canada
Posts: 153
Default IT and passowrds!

So I'm really getting pissed off at my IT at school.
There making my change my password every 3 weeks. And when you change it you can't pick any words that were used in your last 30 passwords. I thought I could trick it by changing it 30 times in one day and then start using my last password but its to smart for that. It keeps track when it ASK you to change your password. If your password is reset it also counts the same. why does IT do this!! its a school network. not a CIA agents computer.

Any other of you hate this or you are IT your self. If so why!
Reply With Quote
  #2 (permalink)  
Old February 19, 2008, 10:30 AM
enaberif's Avatar
Hall Of Fame
 
Join Date: Dec 2006
Location: Calgahree, AB
Posts: 10,605
Default

Quote:
Originally Posted by NuxTux View Post
So I'm really getting pissed off at my IT at school.
There making my change my password every 3 weeks. And when you change it you can't pick any words that were used in your last 30 passwords. I thought I could trick it by changing it 30 times in one day and then start using my last password but its to smart for that. It keeps track when it ASK you to change your password. If your password is reset it also counts the same. why does IT do this!! its a school network. not a CIA agents computer.

Any other of you hate this or you are IT your self. If so why!
Personally I hate anyone who stresses security that much! Yes people pick retarded passwords but really who wants to try to crack or hack them?
Reply With Quote
  #3 (permalink)  
Old February 19, 2008, 11:47 AM
Top Prospect
 
Join Date: Dec 2007
Location: London, Ontario Canada
Posts: 153
Default

Quote:
Originally Posted by enaberif View Post
Personally I hate anyone who stresses security that much! Yes people pick retarded passwords but really who wants to try to crack or hack them?
I use to be able to change my password to like I.E [MyLastName]1234 replacing the number with the day of the month.
but now i can't even put a random number since my last name was the word that was last used.
And if my password gets reset the word will get put in the pile of words i can not use for 30 password changes. Oh and the word can't be in the english dictionary!
Reply With Quote
  #4 (permalink)  
Old February 19, 2008, 12:35 PM
vdf22's Avatar
Top Prospect
 
Join Date: Jan 2008
Location: Saskatoon, SK
Posts: 146
Default

Quote:
Originally Posted by NuxTux View Post
I use to be able to change my password to like I.E [MyLastName]1234 replacing the number with the day of the month.
but now i can't even put a random number since my last name was the word that was last used.
And if my password gets reset the word will get put in the pile of words i can not use for 30 password changes. Oh and the word can't be in the english dictionary!
That's going way overboard for a school network, IMO.
Reply With Quote
  #5 (permalink)  
Old February 19, 2008, 12:51 PM
MVP
 
Join Date: Feb 2007
Location: Calgary
Posts: 493
Default

Hahah, is this a highschool, or post-secondary?

I wonder how many cases of forgotten passwords the tech people have to deal with...
Reply With Quote
  #6 (permalink)  
Old February 22, 2008, 07:04 AM
Jack Rabbit's Avatar
Allstar
 
Join Date: Sep 2007
Location: Toronto, ON
Posts: 784

My System Specs

Default

You could use the QWERTY key layout for a nemonic to generate passwords. Write down or remember 135U. The password is 'zaqcdebgt'; the keys under the numbers going up. If they require complexity then you could use 'Aq1De#Gt5'. When they make you change it just switch to a different column like 137U. There are plenty of combinations and if you go through them with a pattern then you will probably graduate before you run out.

Slovotsky's Law #9: Sometimes, you can't do anything about something that sucks.
__________________
He either fears his fate too much, or his deserts are small, that dares not put it to the touch, to gain or lose it all.
- James Graham
Reply With Quote
  #7 (permalink)  
Old February 22, 2008, 07:12 AM
sswilson's Avatar
Moderator
F@H
 
Join Date: Dec 2006
Location: Moncton NB
Posts: 14,535

My System Specs

Default

This is pretty common for all large networks, but IMO often ends up being counter-productive. Most folks end up using the same password, only changing one number in front or at the rear of the password.

Most annoying is when you've got multiple apps which each have a different password which changes at different times......... :)
__________________
MSI Z87I Gaming AC / i5 4670K / 2X 4G Gskill 1866 DDR3 / XFX XTR 750 / EVGA GTX 680 SC+ 2GB / Intel DC S3700 200G / random 160G Sata HDD
Inwin 904 / Swiftech MCP655-b / Alphacool NexXxos XT45 120 Rad / 2X Scythe GT AP-15 / EK Supreme HF / Dell UltraSharp U2412M

Asrock AM1H-ITX / AM1 Athlon 5350 / 2X4G Gskill PC3-14900 / Intel 6235 Wi-Fi / 90W Targus Power Brick / 320G Seagate Momentus / Mini-Box M350 / 1X 22" Dell IPS / 1X 22" HP
Reply With Quote
  #8 (permalink)  
Old February 25, 2008, 08:55 AM
Banned
 
Join Date: Feb 2008
Location: Calgary, AB
Posts: 1,047
Default

Quote:
Originally Posted by NuxTux View Post
So I'm really getting pissed off at my IT at school.
There making my change my password every 3 weeks. And when you change it you can't pick any words that were used in your last 30 passwords. I thought I could trick it by changing it 30 times in one day and then start using my last password but its to smart for that. It keeps track when it ASK you to change your password. If your password is reset it also counts the same. why does IT do this!! its a school network. not a CIA agents computer.

Any other of you hate this or you are IT your self. If so why!
I work IT and have done it for a good portion of my life (not just career and academic).

This is a key principle regarding security in IT that many people simply do not get:

- Security is supposed to maintain data integrity, privacy and user access and not become a burden for the end user. In other words any security model that is implemented is supposed maintain the level of protection required and maintain a very favorable ease of use.

IMO your school's policy is quite Mickey Mouse. If they are really worried about data security they will implement a strong password case that must be resolved every 90 days and then use FOB access for daily use. That means you have access via Windows with a password that changes every 90 days. To gain user access you simply use a FOB token that ends up changing every minute. With this you do not have to worry about coming up with a new password all the damned time maintaining ease of use and a very high level of security. On paper this is overboard but not anymore than your school's current model.

Btw there are flags set for that 30 tries in a single day and the 30 times that it remembers. It's not hard to figure out how to override them but I don't want to be an accessory for overriding your school's policy.

It is rare that people within high-school networks will attempt to bypass the security trying to guess someone's "weak" password. It is more probable to find a curious individual trying to override the entire security scheme than to sit there and figure out his/her classmate's password scheme. This is only based on my experience as I used to actually do that in high-school. I didn't care what my friend's password would be, I had no interest in committing fraudulent access or spoofing the system and doing something "bad" under their "identity".

Jackrabbit has a good piece of advice and if you really think of it, his advice is the key to the annoying model you work with.
Reply With Quote
Reply


Thread Tools
Display Modes