As of March 1, 2008, Tulane University will implement a university-wide initiative that will require all those who have a Tulane Account to change their password every 90 days. As a Tulane medical student, I ask you to join me in protesting this policy and demanding that it be immediately reversed or amended. The new password policy is extremely cumbersome for Tulane students, and will be ineffective in increasing our security. It has excessive requirements for new passwords (please see full list below), making it difficult to enter and keep track of our passwords. In turn, we are forced to write down our passwords, creating a real security risk. The Information Security Office (ISO) claims that this policy was instituted to protect the interests of Tulane account holders; however, not a single Tulane student, faculty, or staff member was asked to vote on this policy. This policy is poorly devised and does not serve the best interests of Tulane account holders. This petition will be presented to the ISO to show our objection to this policy and our demand that it be immediately reversed or amended.
We, the undersigned, do not support Tulane's new password policy, effective March 1, 2008. We demand that:
1) all or some of the following password requirements be removed from the policy:
· Old passwords cannot be reused for 365 days
· The password must be at least six characters in length. (Longer is generally better.)
· The password should not be a word in the dictionary
· The password must be in mixed case (uppercase and lowercase letters)
· The password must contain at least one numeric character.
· The password cannot be the same as the user ID.
· Special characters may be used to strengthen the password. Examples of permitted special characters are $ . , ! % ^ *
· The password should not be information easily obtainable about you such as your license plate number, social security number, telephone number or street address.
2) the 90-day basis for password changes be extended to either a once-a-year or once-a-semester basis.
3) Tulane account holders be polled before any new password policy is instituted, in order to determine their preference and interest in securing their accounts.
