Educause Security Discussion
mailing list archives
Re: Password Management for Students
From: Kenneth Arnold <bkarnold () CBU EDU>
Date: Mon, 13 Oct 2008 10:51:23 -0500
1. The financial auditors mandated that we must expire passwords on a
regular basis. We decided to expire them in 120 days so that if a
person reset their password at the end of the school year it would not
expire until the school year resumed.
2. They can contact the helpdesk and the helpdesk will reset the
password for them. They then need to come to the helpdesk to pick up
the password information. We also have an on-line password reset that
requires them to know three personal pieces of information in the
database and the answer to their own question.
3. An automated process sends an email warning at 1 month, 2 weeks and
every day starting at 7 days before expiration until the password either
expires or the password is changed.
4. We don't use UPortal
Joey Rego wrote:
Ladies and Gentlemen,
I was hoping someone could lend me some assistance. We are trying to
make some changes to our password policy for our students and we were
hoping to find out what other institutions are doing. So here are our
· How did you decide on the policy?
· How are the students resetting the password once it expires?
· Are you notifying your students when their password is
expiring via an email and is this process automated?
· Does anyone responding use UPortal using Active Directory
for user authentication and how they are notifying the users that
their account is expired or expiring through UPortal?
Thanks for your help in advance
Brother Kenneth Arnold
Director of Network Systems
Christian Brothers University