Re: Password change *recommended* -- RESULTS?

[Roger A Safian <r-safian () NORTHWESTERN EDU>]

We have always had password aging here.  We used to do it quarterly, but, we changed several years ago to annually.  
Users don’t have a choice.  Nobody likes changing their password and I still get hate mail for it, but, I think most 
people understand our motivations.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mitchell 
Pautz
Sent: Wednesday, April 16, 2014 10:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password change *recommended* -- RESULTS?


Here at CSU Fullerton we are changing our password expiration policy. Part of the policy will have all campus employees 
change their passwords. I would be interested in hearing how other have promoted and campaigned this effort.







From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of Pedersen, Krystal
Sent: Wednesday, April 16, 2014 5:04 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Password change *recommended* -- RESULTS?



Hello Everyone – I was looking to get an idea as to how successful a recommended password change broadcast is (to the 
entire school population)? Perhaps a percentage, such as -- last time we sent a broadcast out recommended a password 
change, with instructions on how to change your password, less than 1% of passwords were actually changed?



Thanks!



Krystal Pedersen, CISA

Information Technology

Information Security, Risk & Compliance Analyst

krystal.pedersen () umassmed edu<mailto:krystal.pedersen () umassmed edu>