Re: 802.1X password reset issues

[William Clark <wclark () WEBER EDU>]

Try this. My Apple-1 was not allowing me to log in and passwords changes
worked only once or not at all. My other Apple-2 worked great. My PC-1
didn't. My PC-2 did great.
Common only to the password errors problems machines? Googles "Password
Synchronization Service". It purports to allow a single pw to be used on
all your machines with Google program integration. You can find it in the
preferences Google panels.
I re-did the bad machines and left off the Google goodies and left "Sync
Passwords" off. And now they run like a charm.
One pw across all your own machine is a bad security practice at a
University and I am surprised Google did this and put it in users hands. wc

On Wed, Nov 14, 2018 at 1:46 PM Davis, Michael <MichaelDavis () letu edu>
wrote:

> Jim,
>
>
>
> We’ve had the same experience as you with our policy of annual password
> changes for employees. We would use Netwrix tools for the Help Desk to
> identify where the lockouts were coming from so we could guide the employee
> on what device to check and whether it was email or WiFi, etc.
>
>
>
> Now, we’re in the process of eliminating expiring passwords to better
> align with the latest NIST recommendations. So far it’s an opt-in preview.
> Any of our employees who want a non-expiring password can email us and we
> put them in a security group that enables Azure AD MFA and sets a
> fine-grained password policy that requires more characters (15 instead of
> the old 7), but eliminates password expiration and complexity. Excellent
> feedback thus far from our participants and we expect we’ll eventually roll
> this out to everyone.
>
>
>
>
>
> *Michael A. Davis *
>
> Director, Information Security
>
> Director, User Support & Engagement
>
> [w] 903.233.3500 *|* [f] 903.233.3501
>
> [l] LinkedIn/michaeldavis
> <http://www.linkedin.com/in/michael-davis-b042b84> *| *[t] @mdavis332
> <http://twitter.com/mdavis332>
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Pardonek, Jim
> *Sent:* Wednesday, November 14, 2018 2:37 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] 802.1X password reset issues
>
>
>
> We are getting some grumbling from several staff that get into a password
> lockout condition when changing their twice a year required password.  We
> mostly see this when people have multiple devices connected to the wireless
> network and they forget one of them and it locks out from re-auth requests
> or if they don’t change the password for their email client and that locks
> us out.  We have recommended procedures (turn off all devices but one and
> re-do the password one at a time).  We’ve tried to make it less painful by
> upping the number of failed password attempts before it locks out, but I
> don’t want to get to a point where we sacrifice security for convenience.
> Any any of you folks have similar issues and what have you done to make it
> easier?
>
>
>
> Thanks,
>
>
>
> Jim
>
>
>
>
>
> *James Pardonek, MS, CISSP, CEH, GSNA*
>
> *Information Security Officer*
>
>
> * Loyola University Chicago  1032 W. Sheridan Road | Chicago, IL  60660 *
> * (**: (773) 508-6086*
>
>
>
> *Loyola University Chicago will never ask you for your username or
> password.*
>
> *For the lastest information security news at Loyola, please follow us
> online,*
>
> *Twitter: @LUCUISO*
>
> *Facebook: https://www.facebook.com/lucuiso/
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Flucuiso%2F&data=02%7C01%7Cmichaeldavis%40LETU.EDU%7Cae9328c77f7048f88d6008d64a7104e7%7C97a5855489f64d5a9806dd0ee085d235%7C1%7C0%7C636778246616107075&sdata=SPHkB51Frd3QX3HAw0fMSAGp7%2BX7%2Bu7GApXgxbhAOsI%3D&reserved=0>*
>
> *Our Blog http://blogs.luc.edu/uiso/ <http://blogs.luc.edu/uiso/>*