How to write a good phishing e-mail

When we were working on the project that required all 45,000 IT accounts on campus to change their password yearly, we had to craft a series of reminder e-mails that the looming deadline was, well, looming. The content was simple enough: Tell users their password is expiring Tell users where to go to change their … 

 

Why we age passwords

In my previous blog post, I talked about the password standard at the University of Calgary. The password standard dictates that passwords on our user’s IT accounts must follow certain rules. Notably, length and complexity, but also that they must be changed once a year. In the same blog post I also mentioned that I … 

 

Yes, I know our password policy sucks

In 2014 I built the Password Management system for the University of Calgary. The largest feature of the tool is the ability to change your own password, and to change your password you have to follow our password standard (we don’t say password policy around here, for the same reason computer scientists don’t call themselves …