After hearing complaints from students for several years, Northwestern University Information Technology will change its password policy, it announced Wednesday.
It will update NetID guidelines June 20 to permit character combinations four times the current length and require one password change per year, according to an NUIT e-mail newsletter.
The policy tweak is the result of mounting student discontent, said Wendy Woodward, NUIT director of technology support services. She said the University has been fielding complaints “for many, many years,” but was unable to effectively respond due to the previous e-mail system’s limitations.
Currently students must have passwords that are six to eight characters long and include a non-alphanumeric character, among other requirements. They must change this password every 120 days, and when they do, the new password cannot contain more than four characters in the same sequence as a previous password, nor contain NU-related sequences like “wild” or “cats.”
But earlier this year, NUIT installed new technology that allows longer passwords, thus enabling students’ gripes to be resolved, Woodward explained.
“Anything we can do to make the life of the community easier and maintain data integrity and security, the better,” she said.
Graduate student Scott Ogawa, a teaching assistant in the economics department, led the push to reform the current password guidelines, which call for a mix of six to eight alphanumeric and non-alphanumeric characters. He first approached the Associated Student Government last fall, offering an informal presentation on other universities’ password policies to the executive board, ASG Technology Director Michael Jan said.
Ogawa said the result of his de facto campaign is preferable but not entirely satisfying.
“I guess I would like to see no password changes whatsoever, which is the standard at most universities,” he said. “I would’ve liked to see them go all the way.”
Graduate student Esteban Petruzzello said NUIT should maintain less stringent password guidelines. Because he’s a close acquaintance of Ogawa, whom ASG contacted a day before the official announcement of the policy changes, he also knew in advance of Wednesday’s newsletter.
“I think you should just let the student pick their own frequency,” Petruzzello said. “If they want to change it every day, let them change it every day. If they want to change it every year, let them change it every year.”
Despite lingering grievances, Jan said Ogawa’s efforts symbolize a larger picture: students’ ability to approach their elected representatives with legitimate problems.
“The students clearly wanted a change and NUIT responded very positively,” he wrote in an e-mail.
For some students, the policy (which remains in place until the first day of Summer Quarter classes), is still a minor nuisance. Weinberg junior Claire Lukens said she believes the current guidelines are particularly troubling for Internet users who maintain a single password for multiple sites, a practice she admitted was not the wisest strategy.
Regardless, Lukens said she’s mildly disappointed she’ll have to wait until her senior year for the loosened password requirements.
“I think that the six to eight digits is kind of limiting, especially for something you want to be remembered,” she said. “It annoys me a little bit. It was kind of hard coming up with something you’d remember.”
Ogawa noted that he has no further plans to pursue NUIT policy changes. The past few months, he added, have been nothing but a positive experience with ASG and the NU administration.
“I had a comment and they listened to it and they were actually able to do something about it,” he said. “It’s gratifying.”