Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Password Management for Students
From: Kenneth Arnold <bkarnold () CBU EDU>
Date: Mon, 13 Oct 2008 10:51:23 -0500

1. The financial auditors mandated that we must expire passwords on a regular basis. We decided to expire them in 120 days so that if a person reset their password at the end of the school year it would not expire until the school year resumed. 2. They can contact the helpdesk and the helpdesk will reset the password for them. They then need to come to the helpdesk to pick up the password information. We also have an on-line password reset that requires them to know three personal pieces of information in the database and the answer to their own question. 3. An automated process sends an email warning at 1 month, 2 weeks and every day starting at 7 days before expiration until the password either expires or the password is changed.
4.  We don't use UPortal

Joey Rego wrote:

Ladies and Gentlemen,

I was hoping someone could lend me some assistance. We are trying to make some changes to our password policy for our students and we were hoping to find out what other institutions are doing. So here are our questions.

·         How did  you decide on the policy?

· How are the students resetting the password once it expires? · Are you notifying your students when their password is expiring via an email and is this process automated?

· Does anyone responding use UPortal using Active Directory for user authentication and how they are notifying the users that their account is expired or expiring through UPortal?

Thanks for your help in advance

Joey Rego

Lynn University


Brother Kenneth Arnold
Director of Network Systems
Christian Brothers University
Memphis, TN
(901) 321-4333

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]