The Medical College, in its infinite wisdom, decided that all of its students' computer accounts were security liabilities, and decided that their passwords now need to be changed every 90 days. The initial setup also required using three or four of the following: uppercase letters, lowercase letters, numbers, and symbols. No more than four characters in a row could be repeated from any of the past two passwords. Or maybe it was three - I can't get into my account right now to read the requirements, so I don't have access to the email instructions.
This isn't the first time this has happened.
I really do wonder what The Medical College thinks is so valuable in our accounts. I also wonder who's making the security decisions, since the real vulnerability of the accounts has not been addressed; while I don't know of any student accounts being hacked, about once a month someone forgets to log out, and a facetious classmate makes use of this by sending an embarrassing email from the unlocked account to the whole class. Why don't logins expire after a period of inactivity, if the accounts are so valuable?
Monday I get to go in and inconvenience the IT staff when I ask them to reset my password. In the interim I will not be able to clean out my inbox and my email will meet and exceed the storage limits set by IT's administration, no doubt creating computing havoc in some corner of The Medical College's empire.
For the moment, though, it's kind of nice not to have email access - all those problems that I can't learn about and so needn't address.
Maybe I'll suggest that we be required to change our passwords every 90 hours, instead of every 90 days.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment