Educause Security Discussion mailing list archives

Re: Password expiration Process ?

From: "Penn, Blake" <pennb () UWW EDU>
Date: Thu, 6 Apr 2006 10:36:51 -0500

Theresa:

We have had a rather smooth experience with enabling password expiration.
It might be important to note that we "bundled" this change with our initial
identity management process (single sign-on).  We haven't had many
complaints, and those that we have received are mostly from marginal
individuals that can be accurately described as change-adverse.

By offering benefits of single sign on, and password self-service, we
largely nullified any negative attitudes about mandatory password changes
which are very lenient compared to industry and regulatory standards (every
180 days, although areas mandated to be in regulatory compliance are
required to change every 90 days).  Feel free to contact me off-list if you
would like more details about our experience.

____________________________________________
Blake Penn, CISSP
Information Security Officer
University of Wisconsin-Whitewater
(p) 262-472-5513 (f) 262-472-1285
pennb () uww edu | http://www.uww.edu/security/


________________________________

From: Theresa Semmens [mailto:theresa.semmens () NDSU EDU]
Sent: Thursday, April 06, 2006 9:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password expiration Process ?



We are about to enable the Password Expiration process on our student
administration self-service portal.  Grades, course registration and
financial aid are among the functions that the student can access.  As soon
as we 'flip the switch', all passwords expire, and the fun begins.

My question is two-fold.  First, are any of you using a password

expiration process in a student self-service environment?   We have gone

for some time without this, so the password problems we have are the normal
'I forgot' situations.

Second, were there any repercussions after password expiration had been
enabled?  Was it accepted as a standard business practice, or viewed as just
another obstacle in the path of the student, faculty and staff?

Thank you for your time and response.


http://surveys.idgresearch.com/CSO/CSO_RI2.htm?s=FZE0E93AK&iid=891&m=18894
Semmens, CISA

IT Security Officer

North Dakota State University

IACC 210C

Ph: 701-231-5870

E-mail: theresa.semmens () ndsu edu



"If you believe you cannot do something, it makes you incapable of doing it.
But when you believe you can, you acquire the ability to do it, even if you
did not have the ability in the beginning."       Mahatma Gandhi

Attachment: smime.p7s
Description:

Current thread:

Password expiration Process ? Theresa Semmens (Apr 06)
- <Possible follow-ups>
- Re: Password expiration Process ? Scott Bradner (Apr 06)
- Re: Password expiration Process ? Franklin, Elliott (Apr 06)
- Re: Password expiration Process ? Penn, Blake (Apr 06)
- Re: Password expiration Process ? David Lundy (Apr 06)
- Re: Password expiration Process ? Gary Flynn (Apr 06)
- Re: Password expiration Process ? Drews, Jane E (Apr 07)
- Re: Password expiration Process ? Kenneth G. Arnold (Apr 07)
- Re: Password expiration Process ? Cal Frye (Apr 07)
- Re: Password expiration Process ? Theresa Semmens (Apr 07)
- Re: Password expiration Process ? Theresa Semmens (Apr 07)