A goodly proportion of the emails generated by me are password reset requests, which create a repetitive cascade of emails.

I routinely cannot reestablish control over an access point because I changed jobs (so I no longer have access to the email address that the journal used for me). <<>>

These password reset requests are stupid and unnecessary, but are required by guarded "entry points" for innumerable online accounts and projects. Each of these entry points, spurred on by a clearly exaggerated sense of self-importance, has participated in an arms race of ridiculous arcane rules for passwords (<<xkcd cartoon>>). The example below from the journal Structural Control and Health Monitoring via the primary offender, the online manuscript management system ScholarOne, has decided to further escalate the war on common sense by expanding it to user IDs. It wants to use my email address--which is defined to be case insensitive for obvious reasons--as the user ID for the entry point. But it makes it case sensitive, and it arbitrarily introduces stray capital letter than I would neither countenance nor remember in a thousand years.

Keep in mind that they are asking a favour of me!

It is because of these <<>>. These same entry points often invasively demand personal information about me, mediated always by "modal dialogs" that will not successfully close--and sometimes not close at all--until you give them what their tyrannical asterisked fields demand. I note that they thereby violate and make a mockery of the very meaning of the word dialog.

The University of Liverpool juggles a host of online services, including email, software, and records, all guarded by entry points demanding my security details including a password. Brilliantly, the university uses the same user Id and password to access any of these features. I think using a single password is great, but of course they have managed to screw it up, and in the process created a serious security weakness.

The university has created multiple separate barriers at entry points to different online services. Email, Blackboard, library services, financial and private records, and dozens if not hundreds more functions all guarded by entry points demanding my security details including my password. This means that I must reenter my user ID and password for every system I try to access, which means I have to reenter them dozens of times a day. Presumably, the university's security mavens elected to require repetitive password entry to avoid the situation where I have logged onto a computer to run Matlab then walked away without logging out, exposing my account via an unattended computer, despite the automatic log out, which happens after just a few minutes of idle time.

What CSD seeming fails to account for is that, by forcing me to log in with my security details sometimes dozens of times a day, it creates an environment in which I am very likely to be spoofed into revealing those security details to malactors. Forcing repetitive password entry is a security hazard because it psychologically devalues the importance of the security protocol and exchange that password entry represents.

<<xkcd solution to the password problem; HSBC's my voice is my password>>

Email responding to password reset request [emphasis added]

From: Structural Control and Health Monitoring [mailto:onbehalfof@manuscriptcentral.com]

Sent: 09 May 2020 12:02 PM

To: Scott.ferson@liverpool.ac.uk

Subject: Structural Control and Health Monitoring - ScholarOne Manuscripts Password Request

09-May-2020

Dear Dr Ferson

This e-mail has been generated by the entry of your email address into the 'Password Help' box in the online submission system for Structural Control and Health Monitoring.

Your case-sensitive USER ID at https://mc.manuscriptcentral.com/stc is as follows:

USER ID:

Scott.ferson@liverpool.ac.uk

Please use the link below to be taken directly to your user account screens to select a new permanent password. You may be required to complete some additional information related to your field of expertise and your location.

https://mc.manuscriptcentral.com/stc?URL_MASK=e6d0ead9104146d282331fd60aa387a9

After completing the set-up of your account you will be able to log-in

Thank you for your participation.

Yours sincerely

Dannica Lara

Structural Control and Health Monitoring Editorial Office

Password Requirements:

• • Cannot be a recently used password

  • Cannot be the same as your username

  • Minimum of 8 characters

  • Minimum of 2 numbers

  • Minimum of 1 letter (Upper or lower case)

* = Required Fields

Your Profile Needs to be Updated

The following profile item(s) need to be updated before you can access the site:

• • Address is a required field

  • Country / Region is a required field

  • City is a required field

  • Postal Code is a required field

  • Keywords - Combo Attribute needs more selections for Structural Control and Health Monitoring

  • Marketing preference is a required field