Educause Security Discussion mailing list archives
Re: Password expiration Process ?
From: "Penn, Blake" <pennb () UWW EDU>
Date: Thu, 6 Apr 2006 10:36:51 -0500
Theresa: We have had a rather smooth experience with enabling password expiration. It might be important to note that we "bundled" this change with our initial identity management process (single sign-on). We haven't had many complaints, and those that we have received are mostly from marginal individuals that can be accurately described as change-adverse. By offering benefits of single sign on, and password self-service, we largely nullified any negative attitudes about mandatory password changes which are very lenient compared to industry and regulatory standards (every 180 days, although areas mandated to be in regulatory compliance are required to change every 90 days). Feel free to contact me off-list if you would like more details about our experience. ____________________________________________ Blake Penn, CISSP Information Security Officer University of Wisconsin-Whitewater (p) 262-472-5513 (f) 262-472-1285 pennb () uww edu | http://www.uww.edu/security/ ________________________________ From: Theresa Semmens [mailto:theresa.semmens () NDSU EDU] Sent: Thursday, April 06, 2006 9:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Password expiration Process ? We are about to enable the Password Expiration process on our student administration self-service portal. Grades, course registration and financial aid are among the functions that the student can access. As soon as we 'flip the switch', all passwords expire, and the fun begins. My question is two-fold. First, are any of you using a password expiration process in a student self-service environment? We have gone for some time without this, so the password problems we have are the normal 'I forgot' situations. Second, were there any repercussions after password expiration had been enabled? Was it accepted as a standard business practice, or viewed as just another obstacle in the path of the student, faculty and staff? Thank you for your time and response. http://surveys.idgresearch.com/CSO/CSO_RI2.htm?s=FZE0E93AK&iid=891&m=18894 Semmens, CISA IT Security Officer North Dakota State University IACC 210C Ph: 701-231-5870 E-mail: theresa.semmens () ndsu edu "If you believe you cannot do something, it makes you incapable of doing it. But when you believe you can, you acquire the ability to do it, even if you did not have the ability in the beginning." Mahatma Gandhi
Attachment:
smime.p7s
Description:
Current thread:
- Password expiration Process ? Theresa Semmens (Apr 06)
- <Possible follow-ups>
- Re: Password expiration Process ? Scott Bradner (Apr 06)
- Re: Password expiration Process ? Franklin, Elliott (Apr 06)
- Re: Password expiration Process ? Penn, Blake (Apr 06)
- Re: Password expiration Process ? David Lundy (Apr 06)
- Re: Password expiration Process ? Gary Flynn (Apr 06)
- Re: Password expiration Process ? Drews, Jane E (Apr 07)
- Re: Password expiration Process ? Kenneth G. Arnold (Apr 07)
- Re: Password expiration Process ? Cal Frye (Apr 07)
- Re: Password expiration Process ? Theresa Semmens (Apr 07)
- Re: Password expiration Process ? Theresa Semmens (Apr 07)