All Northwestern students are haunted by two numerical elements: six to eight characters and 120.
The “six-to-eight-character” combination is the requirement for NetID passwords, which also must contain a non-numerical symbol among several other stipulations. And 120 is the number of days this password is valid before it needs to be changed, a frustratingly short amount of time for some students.
Megan McEvily said she doesn’t get it.
“It’s annoying,” the Weinberg freshman said. “Honestly, who is hacking into my account? If they want to read my e-mails, they can.”
More than being a disturbance, some experts say the system isn’t even effective, which is why, according to Wendy Woodward, director of technology support services at NU, NUIT is reconsidering its policy.
“We are in the process of exploring options that will extend that time (between password changes) and hope to have a plan in the next three months,” Woodward said.
She said NUIT staff has heard complaints like McEvily’s about the current system, though she would describe the grievances as being “occasional.”
Graduate student Scott Ogawa, who also works as a teaching assistant in the economics department, said he was so disturbed by having to change his password that he began to personally research the issue at length. He even considered starting an e-mail campaign to NUIT to reduce the number of password changes but said he recently abandoned that cause when he heard the policy may soon change.
Ogawa has compiled a list of the 20 top American universities, according to the U.S. News and World Report rankings, with an accompanying list of how often they must change their passwords. According to his research, NU is the only school on the list that must change so frequently, with Washington University in St. Louis – which has to change once every four months – in second. Ogawa said while he was an undergraduate at Stanford University, no password change was ever required.
Woodward explained the reason for this discrepancy.
“We have been constrained based on old servers and services that could not handle longer or more secure passwords, so the way we mitigated the risk was to require more frequent changing instead of using longer or more secure passwords,” she said. “Those systems have been retired or are retired.”
This message is a good one for Ogawa and other students who have found changing passwords difficult.
“(Changing a password or not) should be my choice,” Ogawa said. “It’s one thing if you’re a professor holding someone else’s sensitive information.”
Weinberg freshman Komal Sheth also said if she had her way, passwords would change much less frequently.
“It’s really hard to think of a password that fits all the requirements that you can actually remember,” she said.
Disgruntled students will hopefully see changes soon, Woodward said.
“I think people are used to an Amazon.com kind of password where you set it once and you live with it. We’d like to get there,” she said. “But we’re moving in a positive direction.”