Educause Security Discussion mailing list archives

Re: Password Complexity and Aging


From: Tom Siu <thomas.siu () CASE EDU>
Date: Sun, 12 Apr 2009 11:22:39 -0400

We did it this year...

All passwords in the central directory, which authenticate all
academic and business systems (e.g. Student Information System, HR,
Blackboard, email, etc.) change on a 365-day basis.

People who work with sensitive information (by department, including
IT) have a 180-day maximum password age.  The password expiration does
not apply to alumni accounts because they really cannot access
anything other than public information.

We implemented complexity requirements in 2005, which include:
8 characters or numbers consisting of at least three of these four
characteristics:
- no more than 4 numbers in a group
- upper case
- lower case
- special characters

We now track password ages, and I've got pretty graphs to show the age
distros.  Contact me off list if you'd like to see them.

http://www.case.edu/its/password

|
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
   Tom Siu
   Chief Information Security Officer
   Case Western Reserve University
   thomas.siu () case edu
   www.case.edu/its/security
   my pgp key can be found at pgpkeys.mit.edu
   216-368-6959
|
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
* Make sure you sign up for CaseWARN  notifications at
https://its-services.case.edu/my-case-notifications/
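
The limits described in this message, written as a small audit script. This is an added example, not code from the original post or from Case Western. It assumes "no more than 4 numbers in a group" means no run of five or more consecutive digits; the class names, function names and account records are constructed for illustration.

```python
import re
from datetime import date

# Maximum password age in days per account class, as stated in the post.
# None means expiration is not enforced (alumni accounts).
MAX_AGE_DAYS = {"standard": 365, "sensitive": 180, "alumni": None}
MIN_LENGTH = 8

CHECKS = {
    # Assumed reading of "no more than 4 numbers in a group":
    # no run of five or more consecutive digits.
    "digit_group_limit": lambda p: not re.search(r"\d{5,}", p),
    "upper": lambda p: bool(re.search(r"[A-Z]", p)),
    "lower": lambda p: bool(re.search(r"[a-z]", p)),
    "special": lambda p: bool(re.search(r"[^A-Za-z0-9]", p)),
}

def characteristics_met(password):
    """Return the names of the four characteristics this password meets."""
    return {name for name, check in CHECKS.items() if check(password)}

def complexity_ok(password):
    """At least 8 characters and at least three of the four characteristics."""
    return len(password) >= MIN_LENGTH and len(characteristics_met(password)) >= 3

def days_overdue(account_class, last_set, today):
    """Days past the class's maximum age; 0 if within policy or exempt."""
    limit = MAX_AGE_DAYS[account_class]
    if limit is None:
        return 0
    return max(0, (today - last_set).days - limit)

def audit(accounts, today):
    """Return {uid: days_overdue} for accounts past their maximum age."""
    overdue = {uid: days_overdue(cls, last_set, today) for uid, cls, last_set in accounts}
    return {uid: days for uid, days in overdue.items() if days}

# Constructed sample records: (uid, class, date the password was last set).
SAMPLE = [
    ("abc12", "standard", date(2008, 3, 1)),
    ("def34", "sensitive", date(2008, 11, 1)),
    ("ghi56", "sensitive", date(2008, 9, 1)),
    ("jkl78", "alumni", date(2004, 6, 1)),
]

if __name__ == "__main__":
    print(audit(SAMPLE, date(2009, 4, 12)))
```

Under this reading a password such as "Password" passes, because the digit-group rule is met by any password without a long digit run and so counts as one of the three required characteristics.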


