Mr. Kolligian ("Student reader vents on new password regulation" Dec. 7) is right when he claims that students have the right to determine who they give their password to. What he is incorrect about is his assertion that regulating access to a university-provided network by way of a mandated password change is not the purview of the university. Penn State policy AD-20 gives ITS the right to "limit, restrict, or terminate any account" -- this policy is nothing new or novel. Corporations and educational institutions across the country implement password policies just like the one Mr. Kolligian complains about to protect their own IT assets. It's not unreasonable to want to regulate access to the massive amount of data available on Penn State servers by requesting a simple password change. This has nothing to do with any power play on the part of the administration -- instead of complaining that we're not being treated as professional adults, why not just use some common sense and exercise sound security practices just like the professionals do?