Being required to constantly change password is unsafe, annoying

By By Jeffrey Jenkins

By Jeffrey Jenkins

Spring Break has come and gone and we have officially arrived at the halfway point in the semester. Use of the Campus Information System and WebCT will no doubt increase as we approach the final stretch of the semester.

As with every new semester, next semester, whether it be in the summer or fall, will require a new password to access CIS and UMail accounts. The password will need to be completely new and not a recycled password from previous semesters. The Office of Information Technology requires the frequent changing of passwords to mitigate the possibility of identity theft and the spreading of viruses and worms across the campus network. However, the constant changing of passwords could pose more threats of identity theft and system breaches than keeping a constant password.

The repetitive password changing leads many students to write down their new passwords, at least until they are memorized. Writing down passwords and placing them in a wallet poses a far greater threat than any online hacker can, according to an October 2009 Identity Theft Fraud and survey report done by Javelin Strategy and Research. Lost and stolen wallets, checkbooks, credit cards or other physical documents with private information was cited as the most common cause of identity theft, taking account for 43 percent. The next most common, at 19 percent, is information gathered from overhearing a purchase or transaction either in person or over the phone. The third most common cause of identity theft came from friends, acquaintances, relatives or in-home employees who stole the info. Only 11 percent of identity thefts occurred from an information system security breach and 9 percent from a security breach from a hacker virus or spy ware from your personal computer. The percentages weigh against the usefulness of a tangle of new passwords.

Many other entities that are at risk for identity theft-related activities, such as ATM machines, online bank accounts and others, do not require frequent password changes, if at all. The most recent identity theft scare at the U did not occur from a compromised user name and password to the CIS. It occurred when 2.2 million backup billing records were stolen when a courier from a storage company contracted by the U disobeyed protocol and left the records in his personal vehicle overnight.

The frequent changing of passwords is irritating to students. Any change is tolerable when the effects of the requirement actually serve a purpose, but the effectiveness of switching passwords so often is questionable.

[email protected]