Advertisement

Ohio State passwords now last twice as long

August 25, 2014

spears.116@buckeyemail.osu.edu
Ohio State passwords are set to expire after 180 days instead of 90 days. Credit: Madison Curtis / Managing editor of design

Ohio State passwords are set to expire after 180 days instead of 90 days.
Credit: Madison Curtis / Managing editor of design

It’s been suspenseful. It’s been trying. Some might say it’s been a long time coming.

The password expiration date at Ohio State is being extended.

Bob Gribben, a director of service operations for the Office of the Chief Information Officer, announced OSU’s password expiration window will change from 90 days to 180 days via Twitter on July 24.

Immediately after, a chorus of “HALLELUJAH” tweets sprinkled with prayer emojis from OSU students started flying.

“I’ll kiss you when I see you,” Nick DaLonzo, a third-year in production and marketing, said he tweeted at Gribben. “I wouldn’t actually kiss him, but I was pretty excited.”

Under the current 90-day password system, students who received a consecutive four-year degree from OSU would have to change their password a total of 16 times. Now, that number will be cut in half.

The new duration period went into effect Monday and will be just as secure as the old because of the complicated nature of the password requirements, Gribben said.

Under the new system, students’ passwords must still meet the same basic requirements that had to be met under the old system. According to the OCIO website, the passwords still must be a minimum of eight characters in length, avoid dictionary words and have at least three of the following items: an uppercase letter, a lowercase letter, a numeral and a special character, like an exclamation mark or parentheses.

Students whose passwords expired before Monday will follow the 90-day system until that password expires, but then their account will automatically switch to the 180-day system.

Gribben said the old system was in place for more than two years, but the new one is here to stay.

The university decided to lengthen the expiration window after listening to the community, Gribben said, as anyone who is affiliated with OSU and needs access to anything OSU-related must have a password.

The OCIO was contacted more than 4,000 times by people who experienced password expiration problems in the last six months alone, Gribben said. That helped spur the change.

“It was just talking with the community, working more with the community, listening to the community,” Gribben said. “(It’s) understanding that we’re secure — that we’re still secure — so we’re going to go ahead and make that decision and listen to everybody.”

Some members of the OSU community have voiced their dissatisfaction toward the seemingly-constant password changes all students and faculty were forced to make under the old policy.

Connor Spiech, a third-year in neuroscience, said changing his password every 90 days was simply a nuisance. He said he feels his email will be secure with fewer required password changes.

“I don’t really think any legitimate hacker is going to go after students for any important information because poor college students have nothing to take,” Spiech said. “I mean, if they want to have my student loan debt, they can take it.”

Still, Gribben said the university does face cyber threats and needs to protect students.

“I’m not being mean or malicious. I’m just trying to protect your data,” Gribben said. “This university gets hacked all the time. That’s all this is about. If your data gets stolen, it’s our responsibility.”

The policy change will not cost the university, Gribben said.

Overall, the community response has been nothing but positive since he made the announcement, Gribben said.

“A lot of people are like, ‘Yay!’ That’s really all it’s been,” Gribben said. “But here’s the deal: at 180, people are going to start complaining again.”


The Lantern uses two-click social media buttons to protect your privacy. Click once to load the button, then again to share!

Comments (2)

Trackback URL | Comments RSS Feed

  1. Wowzers says:

    Not very wise to publish any aspect of your password policy for the world to see. Also, some comments demonstrate how naive computer users are and why they need protection from themselves. “I am poor so they can have my data anyway”. That tune will change when it is your identity they are stealing and selling to the Russians or Chinese.

  2. CSE Master's Student says:

    A factor much more important than the complexity of the password is the length. Any password of minimum length, no matter how many different kinds of characters it has, can be brute-force hacked in a matter of hours. The single best thing you can do make your passwords safer is to make sure they’re never as short as the minimum length.

Leave a Reply