UWDir is getting shit-canned, and is being replaced with WatIAM (Yeah… random capitalization is fucking awesome…)
“For users, the most notable feature change for password management is authentication questions. Users who answer three or more authentication questions can use those answers to log in to WatIAM and reset a forgotten password. Those answers do need to be guarded like passwords and not shared with anyone. Users are strongly encouraged to sign on to the new system on February 23 with their existing Quest/ ADS/ myHRinfo password and set their authentication questions.” That’s where the pets come in: typical authentication questions include “who was your first pet?” and “what street did you grow up on?” However, IST isn’t using the question that’s an old standby for electronic banking: “What was your mother’s maiden name?”
“One big difference from a user perspective,” van Oostveen emphasizes, “is that he or she can reset a forgotten password without involving IT specialists.”
My favourite part is the bit where, by using three pieces of non-secret information, you let someone go in and change my password and lock me out, while at the same time delete my courses and fuck over my ability to graduate.  That’s really awesome.
Why not just use the same “reset password” system that every other company in the entire world uses, and send a message to an alternate email address?  I’m amazed that the old system required “IT specialists”.  At last count I had 12 email addresses; and everyone I know has at least 2 (no one I know uses their @uwaterloo.ca address as their only email address… I don’t even think anyone I know uses it as their primary address).  Using that system with the “IT Specialist” as a fallback should reduce support calls for password resets significantly.
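A sketch of that alternate-email reset with the helpdesk as fallback, added here as an example and not anything IST or WatIAM actually runs. The class, the method names, the 15-minute lifetime and the sample account are all assumptions, and the outbox list stands in for sending mail.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed token lifetime, in seconds


class ResetService:
    """Hypothetical reset flow: mail a one-time token, else send the user to the helpdesk."""

    def __init__(self, alt_emails, clock=time.time):
        self.alt_emails = alt_emails  # userid -> alternate address (constructed sample data)
        self.pending = {}             # userid -> (sha256 of token, expiry time)
        self.outbox = []              # stands in for an SMTP send
        self.clock = clock

    def request_reset(self, userid):
        addr = self.alt_emails.get(userid)
        if addr is None:
            return "helpdesk"         # no alternate address on file: fall back to a human
        # 32 bytes from the OS CSPRNG, unlike a pet's name there is nothing to look up.
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        # Only the hash is stored, so a leaked table does not hand out usable tokens.
        self.pending[userid] = (digest, self.clock() + TOKEN_TTL)
        self.outbox.append((addr, token))
        return "emailed"

    def redeem(self, userid, token):
        # Single use: the entry is removed on any attempt, right or wrong,
        # so a token cannot be replayed and guesses cannot be repeated.
        entry = self.pending.pop(userid, None)
        if entry is None:
            return False
        digest, expiry = entry
        if self.clock() > expiry:
            return False
        candidate = hashlib.sha256(token.encode()).digest()
        return hmac.compare_digest(digest, candidate)  # constant-time comparison
```
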
The biggest problem with the “three personal questions” is that they’re all either something that is ingrained in you enough that you remember it, or it’s another thing you have to remember just like your password (except you don’t use it once every few days).  If it’s so ingrained that you remember it, then it’s probably something that someone could ask you or that might end up in a bio somewhere (cough Palin Yahoo email cough).  The only other category would be extremely personal information that’s important to someone - but I don’t see very many women answering, “What object did you first use when masturbating?” or “what is your favorite sexual position?”.
Of course, Waterloo is pretty bad in general when it comes to privacy - sometimes they treat your student number as public information, other times it’s extremely private.  You can find out what room someone’s living in from Housing with a student number and a birthdate, but then when you want to find out what room a friend of yours lives in it becomes ultra-top-secret.  No, it’s either important information or it isn’t.
Western, in order to scratch your computer account, requires your student number (which they give to you) and your OUAC number (which every first year would have, and could find out without too much trouble).  I know no one ever knew what my OUAC number was (heck, even I never memorized it…)