---------------------------------------------------------------------------
From: NUS IT Care
To: NUS Students
Subject: Update to NUSNET Password Policy
Dear Students,
As computational power and technology take their leap, it is more important than ever for us to safeguard our computer accounts against the misuse of such technology and computational power to crack our NUSNET passwords by brute force.
To aid each and every one of us in securing our NUSNET Password, enhancement to the system will be made to deter such brute force attacks. You are hence, required to change your password when it is due on or after 17th February 2009 to conform with the following requirements:
· Passwords must be at least 8 characters in length.
· Passwords must contain at least a number, an alphabet and a symbol (eg. Pa55Word!)
· You will be required to change your password every 180 days.
· You can change your password at most once/day.
· You cannot re-use any of your 6 previous passwords.
Many of us may have no immediate need to change our password. However, if you wish to find out your password’s expiry day, the information is located on the top left hand corner of the Message of the Day (MOTD) when you next login to NUSNET as follows:
For more information or enquiries, please contact NUS IT Care at x2080 or email ITCare@nus.edu.sg
Regards,
Chua Lin Tee
Service Delivery Manager
NUS IT Care
Computer Centre
-----------------------------------------------------------------------------------------------------
Some of the language used was quite forceful and blunt, especially in the section detailing the new standards required of passwords. However, less explicit statements may have led to students not taking these requirements seriously, and thus I feel that the purpose of the email justified the somewhat-harsh tone. The harshness was also ameliorated by the helpful tone reflected throughout the other parts of the email.
I feel that the use of language in this email was not entirely correct, although my English is not good enough to accurately pinpoint all the errors. The first sentence twice repeats the phrase "computational power and technology". "Take their leap" appears to be a metaphor lacking any form of context. "Crack(ing)" our passwords by "brute force" seems to be a repetition, only distinguishable by those with hacking experience. I also could not understand the instruction given in the 2nd paragraph to "change your password when it is due on or after 17th February 2009". My understanding is that the new requirements will come into effect on 17th February, and that any new password we choose after that date must conform to the new requirements, but this is in no way made clear by that sentence.