Re: Password Expatriation notification

["Kieper, David" <kieperd () UWGB EDU>]

We email persons daily starting 14 days before their password expires, until they change their password, or it expires.

Mail is sent from the campus helpdesk email account.  Email is pretty brief and contents are pasted below.

Regards,

David Kieper                                    
Manager, Network and Infrastructure Services
Information Technology Security Officer
Information Services Division
University of Wisconsin - Green Bay             office: (920) 465-2238
2420 Nicolet Drive                                      fax:    (920) 465-2864
Green Bay, WI  54311-7001   USA                 email:  kieperd () uwgb edu


Dear Last Name, First Name

In the interest of improving the security of our campus network and data, we have implemented more stringent password 
policies for network accounts. Campus network passwords are now set to expire after six months.

Your password will expire in 10 days on 8/4/2010.

Please visit (campus web link) for more information on how to change your password.

Please note that all new passwords must conform to the following minimum standards.
1.      be a minimum of eight (8) characters in length.
2.      be memorized; if a password is written down it must be stored securely.
3.      contain at least one (1) character from three (3) of the following categories: 
        i.      Uppercase letter (A-Z) 
        ii.     Lowercase letter (a-z) 
        iii.    Digit (0-9) 
        iv.     Printable special characters (~`!@#$%^&*()+=_-{}[]\|:;"'/?<>,.(space)) 

                (Do not use a space as the last character of a password or you will be unable to log into D2L or RMS)

4.      be private and not shared with anyone.
5.      not contain your proper name or username.
6.      be expired every six months. 
7.      be tracked so that the last ten passwords are retained and cannot be reused.

In addition, we'd like to encourage use of pass phrases, which make it easier to remember longer passwords. Please 
visit http://www.uwgb.edu/compserv/policies/password_info.htm for more information on using pass phrases.

Failure to change your password before 8/4/2010 will result in an inability to log into campus resources, including 
email, the Student Information System, D2L, and other systems. Please feel free to contact the Help Desk, 
Monday-Friday, 8:30am-4:30pm, at (920) 465-2309 for assistance.






-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James 
Farr '05
Sent: Tuesday, August 17, 2010 1:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password Expatriation notification

We recently implemented a policy where the users receives an email 30 days
before the password is set to expire.   Sure enough people thought this was
a phishing attempt.   However, since we have some off campus users that may
never step foot on campus email seemed to be the only way to notify
everyone.
How do others notify their campus about passwords expiration?  
How often do you send those reminders?


IITS will never ask you for your password.  Never email your password to
anyone.

James Farr
Information Security Officer
Instructional Technologist
Utica College
jfarr () utica edu
315-223-2386