Last modified: May 15, 2025
Systems in computer science currently use passwords that are separate from your password at other places in the University, except for accounts created in the last year.
We will change all existing accounts to University passwords, EXCEPT those using two-factor authentication. They will remain unchanged.
I hope to make the change on May 22, but several other steps have to be done first so that it could be delayed.
The main reasons for making the change are:
- We’re trying to avoid requiring users to go through an activation process for our accounts. The main point of activation was to set a password. With the University password, we can create accounts automatically the first time someone logs in.
- It confuses many users about which password to use, particularly since some web services already use University passwords.
- There is no security advance to the current system.
Many people recommend using separate passwords for different sites. The current system doesn’t accomplish that, since you can change your computer science password by logging in with your University password. This will also change.
If you’re one of the few people who keep separate Computer Science passwords and forget your password, you will have to come to Core during business hours and show identification. Presumably, if you retain an individual password, it’s for security: you want to keep it separate from your University password. It defeats the purpose of allowing password changes with the University password. You can, of course, change your password yourself as long as you know the old one.
Note that these changes do not affect our authentication technology. That will continue to use Kerberos.