Student criticizes OIT for ridiculous password demands

Dear Editor:

Is the Office of Information Technology trying to confuse me, annoy me or just plain tick me off with this new password change?

First off, the security of my campus e-mail/Blackboard account is hardly a major concern of mine compared to the numerous accounts I use online to pay bills, order books and such (heaven forbid someone read my gritty UT e-mail which is nine times out of 10 an e-mail from OIT telling me to change my password).

Why then is it of such paramount importance to you that my campus password be infinitely more complex? Seriously? Let us assume my password consists entirely of lowercase letters and is a six-digit combination of letters.

I challenge you to “hack” my account from this information alone.

There are, after all, 191,102,976 possible combinations of my theoretical six-digit password assuming I choose to make it using lower case letters exclusively. Now one might argue that since our six-digit password is most likely a word, it will greatly reduce the possible combinations. This point is valid and one can certainly understand the benefit of creating a password which is a combination of both lowercase and uppercase letters or a combination of letters and numbers.

However, the new guidelines for UT Net ID passwords far eclipse even the most extreme precautions. Let’s look at them:

• be a minimum length of 8 characters;

•contain some combination of uppercase, lowercase, punctuation and numbers (at least three of these categories must be used);

• be changed at least every 180 days;

• not reuse your last 10 passwords.

I am curious, are these precautions meant to keep me out of my account or someone else? Perhaps UT should just assign us all secret decoder rings. Or perhaps start requiring freshmen to take a class titled “How to pick and remember a Net ID.”

Give me a break.

Justin Ryel

Senior in philosophy