7
Please specify why you are dissatisfied with the quality of services:
•
Connection issuespeed and throttling
•
Could never get anyone to repair computer and printer despite multiple calls
•
The Wi-Fi is very slow. Maybe if you guys didn't update your firewall every week, we would
not have as many issues.
•
Website down all the time, network down all the time.
•
Wifi pales in comparison of other colleges.
•
Not very efficient and make so many mistakes
•
I'm out of state and have had to call twice for help with syncing my email to my phone. Was
put on hold both times and the second call I was transferred multiple times.
•
They are rude unhelpful and take forever to help just one person
•
The Wi-Fi issues continue.
•
CATS needs to stop instituting security policies that decrease my security. 1) Your password
policy sets a *maximum* password length. I cannot overstate how stupid that is. Consider
these three ways of generating a password: For the first, we randomly select 7 letters, then
end it with a random digit. This approach is permitted by your policy (and is the one most
likely to be used by the sort of naive users who necessitate the existence of password policies
in the first place). It has an entropy of 36.2. For the second, let's assume that we just choose
4 words out of the 20,000 most common words. This violates three distinct rules of your
policy: 8-14 characters, at least one special character, and no common words. And yet, its
entropy is 57.2. Which is to say, it's *2 million* times harder to brute force than the one you
allow (and that assumes the attacker knows exactly what dictionary we used). Easy to
remember, too. Finally, we have a generation method that creates passwords that are
reasonably secure (but not as secure as the one you disallow), somewhat easy to remember
(albeit not as easy as 4 common words would be), and that actually fit in 14 characters: We
alternate consonants and vowels for 12 characters, then append 2 digits on the end. It'll be
pronounceable, it not meaningful, and we only need to remember 6 syllables and one
number, instead of 14 arbitrary characters. Its entropy is about 46.9, so only 1000 times
worse than the approach you ban. Probably the best compromise solution, given the
constraints. But if you would allow arbitrarily long passwords, we wouldn't *need* to
compromise. I'd like to point you at Stanford's policy as an example of a password policy
designed by people who know what they're doing:
https://uit.stanford.edu/service/accounts/passwords/quickguide. They have the standard
requirements on what types of characters must be included when the password is too short
to be especially secure (e.g. 8-14 characters long or so), but when the password is a
reasonable length, they neither have nor *need* additional restrictions: with enough length,
a password is almost impossible to brute force even if it's all lowercase. 2) You automatically
replace all links in email with a link to a third party service that checks if they're dangerous.
This both breaks my spam filter, which would otherwise be able to identify links where the url
doesn't match the text as likely scams, and also means that any link with secret information