Group Email Manager

login signup

Email list hosting service & mailing list manager

FastLane PIN security Richard Moore 17 Feb 2000 09:44 EST 
After reading almost all of the recent debate on fastlane PINs/
passwords and trying to digest it all I thought I'd finally wade in.

I also maintain a list of PI - PINs  The ones I assign are based
on a "secret formula" which anyone could probably figure out if
they thought about it. We are a small institution - only 38
fastlane users, including four persons w/ admin. privileges.  In
the last two years I have had one PI request that I change their
PIN to something else (really secret)  and five who called me
up to say that they either forgot or never knew what their PIN
was.  I expect that even larger institutions would find much the
same ratios between PIs who are very concerned over
security and those who aren't bothered.

My first reaction was like many of yours - this will never work -
but after a few days  I am beginning to see its not as bad as
first assumed.  Our NT based LAN network system requires
that we change passwords every 45 days, but if we also have
rights to the UNIX server those passwords expire every 30
(actually 33) days.  Rather than trying to keep track of two
dates I just change both at the same time - at 30/31-day
intervals. (and no they are not the same, close, but not
identical).  So I imagine many PIs would elect to change their
Fastlane passwords more frequently than the 180 days even if
they aren't actively working on a proposal at that time.

 When I hear about a fastlane proposal being developed I do
ask that all PIs assign a proposal PIN and suggest that they
use our internal routing number.  In fact I tell them if they want
any help they have to do this.  So far no one has objected -
and only one person had trouble, requiring me to logon as the
PI.

One question that occurs to me - I haven't yet encountered
proposals on which the new "allow SRO editing right" has
been invoked.  How if this different from editing a proposal by
accessing it using  a proposal PIN number?  I know with the
PIN number I can't edit PI info, but I seem to be able to do
anything else - and thats, so far, everything I have needed to
do to help out.

 Dr. Richard H. Moore
 Assistant Vice President for Grants and Sponsored Research
Coastal Carolina University           Internet: xxxxxx@coastal.edu
P.O. Box 261954                          Voice: 843-349-2050
Conway SC 29528-6054                       FAX: 843-349-2726
 ***NOTE NEW AREA CODE***

======================================================================
 Instructions on how to use the RESADM-L Mailing List, including
 subscription information and a web-searchable archive, are available
 via our web site at http://www.hrinet.org (click on "Listserv Lists")
======================================================================