As Executive Director, UIT Security and UH Chief Information Security Officer, I couldn’t agree more! As Mr. Schneider notes, having multiple accounts and passwords makes it difficult for students to consistently use good security practices in safeguarding their account information.
We are fortunate that UH is focused on meeting the needs of our students. As a result, the current situation of multiple accounts evolved out of a desire of campus departments to provide as many services as possible on-line. However, over time this has created an environment that is difficult for our users, as well as our staff, to manage.
Good news! University Information Technology (UIT) has been working to address this problem, and we are pleased to report significant changes are in progress. Coming soon, students, faculty and staff will be able to log in with one account and password to get access to many systems that currently require separate logins – such as myUH, Blackboard, Parking, CougarCard and others! Users will no longer have to remember and maintain separate passwords for these systems.
UIT will be collaborating with campus departments interested in utilizing the new system for their users. We will work hard to include as many systems as possible.
I appreciate Mr. Schneider’s efforts to highlight some of our security challenges. I encourage any Cougar that has a security concern or idea for how we can improve information security at UH to contact me at [email protected].
— Mary Dickerson is the UIT Security Executive Director, and the UH Chief Information Security Officer.
Please end the stupid requirement of special characters and numbers. As can be trivially shown by a simple analysis, a short complex password is vastly inferior to a long and simple one. This is easy to fix, as it simply requires resetting the password database on next login with different parameters. It's a bold action in the sense that most of 'the herd' (of IT Sheeple) are running towards short and complex passwords – but because something is popular doesn't make it the best solution. The below comic (which is both amusing and on point) captures the problem perfectly:
http://www.xkcd.com/936/
Synchronize password reset timelines. Until a unified authentication volume can be organized (and even after it is), synchronizing password expiration times makes it much easier to transition from one password to the next.
Please upgrade the servers that handle network authentications. I'm sick and tired of being in a hurry to log in at the library, only to sit for 15 minutes while the login server times out due to overloading. The number of requests per second cannot be that large, and yet there are consistently problems handling the traffic. My analysis (insufficient hardware) may be wrong, but the problem is apparent to anyone who's tried to access their network profile during the day.
Please tell whoever it is in Nigeria that got ahold of my e-mail address through UH website searches that I'm not interested in their romantic intentions towards me, and that while I would be glad to take the 23.4M dollars US off their hands I, being a college student, don't have the $500 they're trying to scam me out of.
democracy in action