Passwords. Seriously. ! ? ;-)

Posted by Sticky Password Feb.24, 2014 in News, Passwords & Security

With all the talk about security, do people really take passwords and security seriously?

A recent headline tells usIts-all-fun-and-games: New Password System at Springfield College Increases Security

On the face of it, this seems to be a straightforward story of a business or institution – in this case Springfield College in Massachusetts – upgrading its security systems, but it’s more a reminder of a larger problem.

The impetus for the college to implement a new security system was at least partially a breach by an employee. They perpetrator was caught and they are moving forward: good for them.

The college is having a problem implementing the new password system. As is often the case, the difficulty isn’t with the technology, it’s with the humans. (You are the weakest link!)

Students were notified on January 15 that the deadline to register for the new system was February 15. Note that this is a mandatory, college-wide change. A month to get the 5,000 students to switch – an automated process – that sounds doable.

The bad news is that only 30% (approximately 1,500) registered by the deadline. The college’s Chief Information Officer Danny Davis tells us that ‘we take this extremely seriously and we are extremely angry.

We’re not sure who the ‘we’ he is referring to is, but the result doesn’t suggest that the College President or the Board of Regents consider this to be a priority.

On a personal level, this seems to be the case for most people. Security is something they get around to, not something that is a primary concern. In this case, however, it is surprising since the College was recently a victim of unauthorized access.

We humbly suggest that all it would have taken to get 95% and likely even more of the students to register in a timely fashion would have been to announce that students who failed to register by the deadline would not be permitted to attend classes after Feb 15.

As it is, Springfield College didn’t think protecting their network and systems was important enough to make their students uncomfortable. (As the saying goes: It’s all fun and games until someone loses an eye.)

Let’s see how they do with the second deadline: March 15.