[geeks] Mandatory password changes

[Brian Dunbar]

John Francini wrote:
> Well, I have to say that, while this one's arguments are a bit over 
> the top, there is something to be said for the concept of personal 
> responsibility.

<snip>

> 
> In a University or public setting, the rules should be entirely 
> different.  Here, the only information you can access is either your 
> own or that which the school keeps on your behalf. This means that, 
> yes, if you share your password with someone else and they then 
> violate that trust (by doing nasty stuff like dropping you from 
> classes, dropping you from the University, etc.), then that's your 
> problem for having given them access in the first place.  The 
> physical analogy here would be giving another student the key to your 
> dorm room, off-campus apartment, etc., and discovering that the other 
> student trashed the place.  This is your problem for having misplaced 
> your trust.

One flaw here is that the University incurs an expense if the vandal
trashes the room by damaging walls, tearing out utilities, etc.  It's
not just your problem it's also the facilities people who have to fix
stuff and find you a place to live while the repairs are ongoing (say if
they'd punched out a few windows).

There is probably a liability thing at work here.  Sure, it ought _not_
to be that way but the uni can shield itself from the inevitable lawsuit
by pointing out that they TOLD the users to change passwords so It's Not
Their Fault and We Don't Owe You Big Bucks.

-- 
Brian Dunbar
System Administrator
Liftport - The Space Elevator Company

brian.dunbar at liftport.com
aim: bdunbar1967

this email is: [ ] bloggable [x] ask first [ ] private

Meaningful Work or Death.
Any other form of existence doesn't interest me.

Hugh Macleod