Educause Security Discussion mailing list archives
Re: Password Expatriation notification
From: "Dergenski, Todd A." <TDergens () ODU EDU>
Date: Mon, 23 Aug 2010 10:48:52 -0400
This very topic came up in a meeting this morning. Our solution is multiple avenues of notification. We send mails (30, 14 and 7 days out) and also have the lab machines prompt a notification under 30. Additionally, we will be modifying our single sign on to display a notification page under 30 and do a redirect under 3. Messages in our portal are also planned, but are hold until we can come up with more content. They don't like a dedicated box that is empty most of the time. I would recommend to find a service that everyone logs into regularly and see if you can get the message there. Todd Dergenski Old Dominion University Senior Security Administrator 4700 Elkhorn Ave - Room 4300 Norfolk, Va, 23529 USA (757) 683-4301 tdergens () odu edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russell Fulton Sent: Saturday, August 21, 2010 1:36 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password Expatriation notification On 18/08/2010, at 6:44 AM, James Farr '05 wrote:
We recently implemented a policy where the users receives an email 30 days before the password is set to expire. Sure enough people thought this was a phishing attempt. However, since we have some off campus users that may never step foot on campus email seemed to be the only way to notify everyone.
I have had this problem notifying people about possibly compromised credentials too. After a bit of toing and froing we managed to convince the keepers of the university home page to add a password change link to the list of quick links on www.auckland.ac.nz. Now we can tell folk how to change password easily without giving any urls. We will use the same technique when we start expiring passwords later this year. Russell
Current thread:
- Re: Password Expatriation notification, (continued)
- Re: Password Expatriation notification Eric Case (Aug 19)
- Re: Password Expatriation notification James Farr '05 (Aug 19)
- Re: Password Expatriation notification SCHALIP, MICHAEL (Aug 19)
- Re: Password Expatriation notification Eric Case (Aug 19)
- Re: Password Expatriation notification Eric Case (Aug 19)
- Re: Password Expatriation notification Morrow Long (Aug 19)
- Re: Password Expatriation notification Allison Dolan (Aug 19)
- Re: Password Expatriation notification Ullman, Catherine (Aug 19)
- Re: Password Expatriation notification James Farr '05 (Aug 19)
- Re: Password Expatriation notification Russell Fulton (Aug 20)
- Re: Password Expatriation notification Dergenski, Todd A. (Aug 23)
- Re: Password Expatriation notification Ozzie Paez (Aug 23)
- Back on topic.... Re: [SECURITY] University credentials used by third parties Flynn, Gary - flynngn (Aug 24)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Joel Rosenblatt (Aug 24)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Guy Pace (Aug 24)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties David L. Wasley (Aug 24)
- Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties David Gillett (Aug 24)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Jesse Thompson (Aug 25)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Mike Porter (Aug 25)
- Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties David Gillett (Aug 25)
- Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties Semmens, Theresa (Aug 25)