Quote:
Originally Posted by NuxTux
So I'm really getting pissed off at my IT at school.
They're making me change my password every 3 weeks. And when you change it you can't pick any words that were used in your last 30 passwords. I thought I could trick it by changing it 30 times in one day and then start using my last password, but it's too smart for that. It keeps track of when it ASKS you to change your password. If your password is reset it also counts the same. Why does IT do this!! It's a school network, not a CIA agent's computer.
Any other of you hate this, or are you IT yourself? If so, why!
I work IT and have done it for a good portion of my life (not just career and academic).
This is a key principle regarding security in IT that many people simply do not get:
- Security is supposed to maintain data integrity, privacy and user access, and not become a burden for the end user. In other words, any security model that is implemented is supposed to maintain the level of protection required while maintaining a very favorable ease of use.
IMO your school's policy is quite Mickey Mouse. If they are really worried about data security they will implement a strong password policy that must be renewed every 90 days and then use FOB access for daily use. That means you have access via Windows with a password that changes every 90 days. To gain user access you simply use a FOB token whose code changes every minute. With this you do not have to worry about coming up with a new password all the damned time, maintaining ease of use and a very high level of security. On paper this is overboard, but not any more than your school's current model.
Btw there are flags set for that 30 tries in a single day and the 30 times that it remembers. It's not hard to figure out how to override them but I don't want to be an accessory for overriding your school's policy.
It is rare that people within high-school networks will attempt to bypass the security trying to guess someone's "weak" password. It is more probable to find a curious individual trying to override the entire security scheme than to sit there and figure out his/her classmate's password scheme. This is only based on my experience as I used to actually do that in high-school. I didn't care what my friend's password would be, I had no interest in committing fraudulent access or spoofing the system and doing something "bad" under their "identity".
Jackrabbit has a good piece of advice and if you really think of it, his advice is the key to the annoying model you work with.
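The two controls the thread describes (a password history of the last N passwords, plus tracking of when a change was made so that rapid cycling does not flush the history) are the same pair of settings an administrator would recognise as "Enforce password history" and "Minimum password age". The following is an added example, not code from the original post or from any real directory product, that models how such a policy is enforced on the server side: each password is stored as a salted PBKDF2 hash, a new password is compared against every stored hash, and a change is refused while the minimum age has not elapsed. An administrator-initiated reset bypasses the age check but still lands in the history, which is the behaviour NuxTux observed. The `Account`, `PasswordPolicy`, `day()` and `cycle_demo()` names, the 20,000-iteration work factor and the dates are all constructed for the illustration.

```python
"""Constructed model of a password-history plus minimum-age policy."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

ITERATIONS = 20_000  # PBKDF2 work factor; kept low so the demo runs fast (assumption)
T0 = datetime(2024, 1, 1)  # constructed start date for the demo timeline


def day(n: int, hours: int = 0) -> datetime:
    """Timestamp n days (and optional hours) after the constructed T0."""
    return T0 + timedelta(days=n, hours=hours)


def _digest(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-SHA256 so history entries never hold the plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


@dataclass
class Account:
    # (salt, digest) pairs, oldest first; the current password is the last entry
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)
    last_change: Optional[datetime] = None


@dataclass
class PasswordPolicy:
    history_size: int = 30                 # "Enforce password history"
    min_age: timedelta = timedelta(days=1)  # "Minimum password age"
    max_age: timedelta = timedelta(days=21)  # the thread's 3-week expiry

    def change_password(self, acct: Account, new_password: str,
                        now: datetime, admin_reset: bool = False) -> str:
        """Return 'ok' or a rejection reason.

        The minimum-age check is what defeats 'change it 30 times in one
        day': the history cannot be flushed faster than one entry per
        min_age. An admin reset skips that check but is still recorded,
        so a reset counts against the history just like a user change.
        """
        if acct.last_change is not None and not admin_reset:
            if now - acct.last_change < self.min_age:
                return "rejected: minimum password age not reached"
        # Compare against every remembered hash, using its own salt.
        for salt, digest in acct.history:
            if hmac.compare_digest(_digest(new_password, salt), digest):
                return "rejected: password found in history"
        salt = os.urandom(16)
        acct.history.append((salt, _digest(new_password, salt)))
        # Keep only the newest history_size entries.
        del acct.history[:-self.history_size]
        acct.last_change = now
        return "ok"

    def must_change(self, acct: Account, now: datetime) -> bool:
        """True once the current password is older than max_age."""
        return acct.last_change is None or now - acct.last_change >= self.max_age


def cycle_demo() -> List[str]:
    """Replay the thread's scenario with a small 3-entry history.

    Returns the outcome of each attempt so the effect of each control is
    visible: same-day cycling is blocked, a password drops out of history
    only after history_size further changes, and a reset still counts.
    """
    policy = PasswordPolicy(history_size=3)
    acct = Account()
    outcomes = [
        policy.change_password(acct, "first", day(0)),            # ok
        policy.change_password(acct, "second", day(0, hours=2)),  # too soon
        policy.change_password(acct, "second", day(1)),           # ok
        policy.change_password(acct, "third", day(2)),            # ok
        policy.change_password(acct, "fourth", day(3)),           # ok, "first" aged out
        policy.change_password(acct, "first", day(4)),            # ok again
        policy.change_password(acct, "fourth", day(5)),           # still in history
        policy.change_password(acct, "fifth", day(5, hours=1), admin_reset=True),
        policy.change_password(acct, "fifth", day(7)),            # reset counted
    ]
    return outcomes


if __name__ == "__main__":
    for i, result in enumerate(cycle_demo(), start=1):
        print(f"attempt {i}: {result}")
```

The work factor is deliberately small here so the replay finishes quickly; a production directory uses a far larger one and, as the reply above argues, pairs a longer-lived password with a second factor rather than leaning on frequent rotation alone.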