This term, a change was made by the Computer Center regarding how often members of the Knox community must change the password for their Knox account. Passwords must now be changed every 30 days, much more frequently than the previous 90 days.
“The main reason is that people forget how to change them,” Director of the Computer Center and Telecommunications Steve Jones said. “We would get the same people calling over and over two to three times a year saying, ‘my password expired, how do I reset it.’”
Jones said that this change will not only help people remember how to reset their passwords, but will also help reduce the likelihood of e-mail phishing scams and, when a scam does happen, it will be easier for people to quickly change their password.
“The thing we ran into this late summer or early fall is that we have all of these phishing things that have succeeded and people have fallen for,” Jones said, adding that most of the victims of these scams have been faculty and staff members.
Jones hopes that, by getting in the habit of changing passwords more frequently, the campus will be able to avoid massive e-mail scams.
Some students, however, think the change might not help them as much as Jones thinks it will.
“I always forget and get locked out,” senior Emily Oliver said. Many students did get locked out of their Knox accounts when the new rule for changing passwords went into effect.
“It’s annoying to change them so much,” Oliver said. “It also gives me a paranoid feeling; it makes me wonder what’s so interesting in my Knox mail.”
“It’s equally a pain for us as it is for everybody else,” Jones said
Jones also said that, recently, the number of successful phishing attacks on campus has gone down. He thinks it is probably a combination of more frequent password changes and the publicity the Computer Center has worked on to make people more aware of phishing scams.
“I don’t think it’s something we can back off on,” Jones said about advertising and increasing awareness of scams so students never give their passwords out to anyone, especially via e-mail. Most posters hung up by the Computer Center staff emphasize that the Computer Center will never ask for anyone’s password in an e-mail.
Junior Zoë Foote said, “I think it’s excessive. It was fine when we had to change it every 90 days. Now, it seems over the top.”
Jones said that, based on how many people have fallen for phishing attacks, this was a necessary change, and that even when the Computer Center has hosted workshops to help people learn how to set up their security questions on their account and learn how to change their password, no one ever attends these workshops.