[unisog] Password policies

J. Philip Miller JPhilipMiller at WUstl.edu
Thu Apr 20 00:47:21 GMT 2006

Cosmin Stejerean [cstejerean at gmail.com] writes:

>I don't understand the constant worry that users can't remember their
>password so they have to write it down. I cannot see how someone
>logging in to the same workstation couple of times a day (people do
>lock their machines when they step away, right?) is going to forget a
>password. Sure, it might be difficult to remember the first couple of
>times but after that you should be able to type it with your eyes


Well, what about the user who has to access resources which are not covered
by the single logon password that is used for the workstation, e.g. they
need to log into a website which uses a different authentication mechanism.
Do you require students to use your authentication mechanism to sign onto
the computer that they own? What if they have to access resources at another
university? What about a VPN mechanism that uses a different authentication
authority that is used only very occasionally? What about logging into a
hospital system?  

The idea is that in most universities, individuals play many roles which are
not (and many cannot) use the same authentication mechanism used for the
workstation for a variety of technical and administrative reasons. Once you
start making a policy for a university, then most policies require that this
policy is followed for all computing resources.

This is absurd!


J. Philip Miller, Professor of Biostatistics
Division of Biostatistics
Washington University School of Medicine
Director of Biostatistics Core, Siteman Cancer Center
Mail: Campus Box 8067, 660 S. Euclid Ave
St. Louis, MO 63110
Physical Address: 3349 Barnard
Phone: 314-362-3617, 314-362-3728 (fax)
email: jphilipmiller at wustl.edu 
web: http://www.biostat.wustl.edu/~phil


The materials contained in this e-mail are private and confidential and are
the property of the sender. If you are not the intended recipient, be
advised that any unauthorized use, disclosure, copying, distribution, or the
taking of any action in reliance on the contents of this information is
strictly prohibited. If you have received this e-mail transmission in error,
please immediately notify the sender.


More information about the unisog mailing list