WIT 2003
Note from Mitch about Passwords

Password Policy and Delivery

During this preparatory phase, the participants are in three categories as regards their server accounts and passwords:

NEW: There was no login already in place for this person (or anyway we didn’t find and identify it). So a new one was made, a username and password were assigned, and those will appear on a personalized handout they will receive.

RENEW: We found an existing account belonging to this person. But it didn’t seem to be in use recently, so we assigned a new password, which will be given to them on that personalized handout.

OLD: We found an existing account belonging to this person. But as it seems to have been in use recently, we did not change the password. A message explaining this will appear in the personalized handout, rather than a password.

(We’ll circulate the lists of those in OLD and RENEW categories not that you should save the list or expect to remember them, but maybe this explanation will come back, via the name ringing a bell, when they ask you to interpret the OLD or RENEW message on their handout.)

The official line is the standard one, that there is no listing of passwords, and that this piece of paper is their only route to their password. If they forget it and also lose the piece of paper, then there is no way to look it up, and the only recourse is to set a new one.

Though that is the official line, in fact we will keep a list (on a protected area) of the assigned passwords for the NEW and RENEW categories. (For the OLD category we actually do not have their passwords.) Time permitting, and if we have the homeroom assignments to work with, we will try to produce printed listings by homeroom. Mentors and Lab Assistants will be able to look up passwords if those lists are available, or can inquire for individual cases by email to server@cuip.net. (We’ll send single passwords by email, but will not have any lists circulating electronically.) Please proceed judiciously about doing these lookups, so participants are encouraged to take seriously the idea of remembering their password (and not losing official documents).

Even with the lookup option, there will be circumstances in which somebody’s password needs to be changed, and the current one is not known. For example:

We erred in putting someone in the OLD category they do have an account but despite appearances have not used it recently, and don’t remember the password. (“So why have this OLD category anyway? Why not treat all existing accounts as RENEW?” Because that would mess things up for people who really are actively using their accounts currently. The problem comes up only for the borderline cases, the judgement calls.

They already changed it, but forgot the one they set. (This can happen, especially if they feel harried to make something up quickly.)

They already changed it, but had their fingers in the wrong place, or had caps lock on, or something whatever the reason, it just isn’t working, and now they’re blocked from changing it on their own again.

Whatever the circumstance requiring it, when a password needs changed but the current one is unknown, the two ways to do it are: (1) mail to server@cuip.net; or (2) the Mentor or Lab Assistant does it, using the server shell command ‘sudo passwd USERNAME’ and following the prompts. (Details elsewhere.) For this purpose, we’d like to have all the Lab Assistants, and at least one of the Mentors for each homeroom, able to carry out this operation.

When the current password is known, but the participant finds it too awkward to use reliably, it should be changed. It could be done through the same two methods as when the current one is not known, but probably the preferred method is make it a teaching moment and help the participant change it for him\herself. This does require typing the old, difficult password two or three times, but then it will be gone for good!