Massey Weirdness

While looking through links for my previous post, I found this one – which caught my eye in particular because it has my old postal address (also weird – Google maps used to show the house, but now I can’t see it, even though the neighbours are there, and so is the lake.  Has the imagery got older?!). I’m not sure why I’m listed here (pretty much everything else seems to be a business, although I didn’t look thoroughly) – maybe from when I was providing theatrical services to Massey, although I did that under “Underground Services” (the theatre was named the Underground Theatre).

The information at the top seems to always be about veterinary products, but maybe that has something to do with the flashing (good grief!) “test site” at the top of the page.  I would think that Massey would have the skills available, somewhere, to make test sites (and, really, the purchasing system in general) hidden from the public and from Google.

Massey University: out of touch with the real world

A policy on passwords like the one that Massey University has is worse than no policy at all.  Of course, when I was there, they forced students to have a four-digit number as their password, despite the fact that doing so violated their own policy, so I guess it’s expected that this will be ignored. Particularly bad parts: passwords should

Contain both upper and lower case characters [and] at least one digit and one punctuation character. 

Case sensitivity is a worthy goal, and it does increase the complexity of passwords considerably.  However, it’s also the easiest pitfall for inexperienced users, which the University is full of.  Requiring both a digit and a punctuation character is completely overboard.

Passwords must be changed from their initial default value the first time a new user logs in, and at least every six months thereafter.  

I understand why institutions require this, but I don’t agree with the reasoning.  In practice, what happens is that people rotate between passwords, or if that isn’t possible, they rotate between variants of the same password, which adds very little in security).

Passwords, or even the format of passwords, should not be shared with anyone 

Passwords, sure.  But the format!  I can’t recommend how someone might come up with a good password (as the policy itself does)?!?

The “Remember Password” feature of applications (e.g. Outlook) should not be used. 

Just plain stupid.  There are so many reasons this is stupid that it’s not even worth going into them.To be fair, Massey University undoubtably isn’t the only place (probably not even the only New Zealand university) to have a policy written by people completely out of touch with the real world, but that doesn’t make it any less embarrassing to be an alumnus.