Educause Security Discussion mailing list archives
Re: Password Expatriation notification
From: "Kieper, David" <kieperd () UWGB EDU>
Date: Tue, 17 Aug 2010 20:51:32 +0000
We email persons daily starting 14 days before their password expires, until they change their password, or it expires. Mail is sent from the campus helpdesk email account. Email is pretty brief and contents are pasted below. Regards, David Kieper Manager, Network and Infrastructure Services Information Technology Security Officer Information Services Division University of Wisconsin - Green Bay office: (920) 465-2238 2420 Nicolet Drive fax: (920) 465-2864 Green Bay, WI 54311-7001 USA email: kieperd () uwgb edu Dear Last Name, First Name In the interest of improving the security of our campus network and data, we have implemented more stringent password policies for network accounts. Campus network passwords are now set to expire after six months. Your password will expire in 10 days on 8/4/2010. Please visit (campus web link) for more information on how to change your password. Please note that all new passwords must conform to the following minimum standards. 1. be a minimum of eight (8) characters in length. 2. be memorized; if a password is written down it must be stored securely. 3. contain at least one (1) character from three (3) of the following categories: i. Uppercase letter (A-Z) ii. Lowercase letter (a-z) iii. Digit (0-9) iv. Printable special characters (~`!@#$%^&*()+=_-{}[]\|:;"'/?<>,.(space)) (Do not use a space as the last character of a password or you will be unable to log into D2L or RMS) 4. be private and not shared with anyone. 5. not contain your proper name or username. 6. be expired every six months. 7. be tracked so that the last ten passwords are retained and cannot be reused. In addition, we'd like to encourage use of pass phrases, which make it easier to remember longer passwords. Please visit http://www.uwgb.edu/compserv/policies/password_info.htm for more information on using pass phrases. Failure to change your password before 8/4/2010 will result in an inability to log into campus resources, including email, the Student Information System, D2L, and other systems. Please feel free to contact the Help Desk, Monday-Friday, 8:30am-4:30pm, at (920) 465-2309 for assistance. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Farr '05 Sent: Tuesday, August 17, 2010 1:44 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Password Expatriation notification We recently implemented a policy where the users receives an email 30 days before the password is set to expire. Sure enough people thought this was a phishing attempt. However, since we have some off campus users that may never step foot on campus email seemed to be the only way to notify everyone. How do others notify their campus about passwords expiration? How often do you send those reminders? IITS will never ask you for your password. Never email your password to anyone. James Farr Information Security Officer Instructional Technologist Utica College jfarr () utica edu 315-223-2386
Current thread:
- University credentials used by third parties Justin Sherenco (Aug 17)
- Re: University credentials used by third parties Walter Petruska (Aug 17)
- Re: University credentials used by third parties Ken Connelly (Aug 17)
- Re: University credentials used by third parties Bob Bayn (Aug 17)
- Re: University credentials used by third parties Sam Hooker (Aug 17)
- Re: University credentials used by third parties Cathy Hubbs (Aug 17)
- Re: University credentials used by third parties Pete Hickey (Aug 17)
- Re: University credentials used by third parties Valdis Kletnieks (Aug 17)
- Re: University credentials used by third parties Walter Petruska (Aug 17)
- Password Expatriation notification James Farr '05 (Aug 17)
- Re: Password Expatriation notification Ken Connelly (Aug 17)
- Re: Password Expatriation notification Kieper, David (Aug 17)
- Re: Password Expatriation notification Bob Bayn (Aug 17)
- Re: Password Expatriation notification James (Aug 19)
- Re: Password Expatriation notification Ullman, Catherine (Aug 19)
- Re: Password Expatriation notification Mark Monroe (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification SCHALIP, MICHAEL (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Walter Moore (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Valdis Kletnieks (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Charles Buchholtz (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Valdis Kletnieks (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Charles Buchholtz (Aug 19)