I feel that we should be able to have one single username/password as long as
all systems that use it are secure. I've never kept my calendar password the
same as my UNIX password as I've not known if it was truly secure or not. My
only problem with using the UVM netid password for everything at UVM is that
there may be some applications that have access to the password when it is
input, save it then store it in an insecure manner. Some applications address
the issue and tell you how they manage passwords but most don't.
I don't like mandatory password expiration. I change my password periodically,
sometimes it is after 6 months, sometimes it is after 5 years. Generally
mandatory expirations pop up when you are in a hurry and as a result you pick a
less secure password because it is easy to come up with and you need it NOW.
You may go back later and change it to be more secure but for a while it is more
insecure than if you had had the original.