Main Nav

Hi
 
How often do you force password changes at your institutions for central credentials?  Do you have different policies for different groups?  Are they enforced by technology or just "suggested best practices"?
 
Louis Aponte
Weber State University
Ogden, Utah
Desktop Security

Comments

Message from r-safian@northwestern.edu

Enforced, everyone is the same, once per year.

 

Message from mclaugkl@ucmail.uc.edu

We do 180 days as we could not get 90 days vetted.  We know that PCI requires 90 but feel that we have adequate additional controls in place to justify 180.

 

- Kevin

 

 

Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, CRISC, PMP

Chief Information Security Officer (CISO) and Assistant Vice President

Administration and Finance

University of Cincinnati

 

513-556-9177

TEWG-Region 6 TLO

 

The University of Cincinnati is one of America's top public research institutions and the region's largest employer, with a student population of more than 41,000.

 

 

How often – 90 days

different policies for different groups - No

enforced by technology - Yes

 

___________________________________

Daniel V. O'Callaghan, Jr., MBA, CISSP

Chief Information Security Officer

Sinclair Community College

444 W Third St, 13-000B

Dayton, OH 45402

937.512.2452

 

 

 

At Creighton we force complex password and allow them to live for 180 days. Bryan McLaughlin ISO Creighton University
Message from aaron@westfield.ma.edu

We have a 90 day password life enforced by AD GPO.  The GPO is applied to everyone on campus.

Aaron

Aaron Childs, CCNA

Associate Director, Networking

Information Technology

www.westfield.ma.edu/it

Please Note: new e-mail address - aaron@westfield.ma.edu

 

Hi Louis,

There are several password policies listed here http://www.educause.edu/Resources/Browse/Password%20Policies/33329 that discuss expiration length etc. See the “Policies” tab to view all the password policies.

Please let me know if you have any questions, thank you.

Colleen Keller
Electronic Resources Librarian
EDUCAUSE - Uncommon Thinking for the Common Good

4772 Walnut Street, Suite 206
Boulder, CO 80301-2538

At Columbia College:

Complex password without repeats

Faculty and Staff: 90 days

Students: As needed (forgot, so a password reset is initiated)

Different groups: Yes

Enforcement by technology.  Several warnings are sent, then the password will no longer work after the expiration date.  User may reset via self-service.

Kev

Kevin Palmer

CIO – Columbia College