University Password Policy Update
Dear Regis Faculty and Staff,
Important changes to our university's password policy will be implemented over the coming weeks to enhance the overall security of our systems and protect your personal information. Please carefully review the following updates and respective implementation dates:
Starting July 10th if your password is older than 90 days, you will be prompted to change your password in order to meet new necessary security requirements. It is recommend that you update your password in the next two weeks to ensure a smooth experience and avoid response delays to help requests when the July 10th enforcement date goes into effect.
Policy Changes
Increase Password Length Requirement:
Effective June 26th, the minimum password length requirement will be increased from 7 to 10 characters. This change aims to strengthen the complexity of passwords and mitigate the risk of unauthorized access to your accounts. By setting a higher minimum length, we encourage the use of longer and more secure passwords that are less susceptible to hacking, or brute-force, attacks.
Account Lockout after 10 Bad Password Attempts:
Starting July 3rd, our systems will enforce an account lockout mechanism after 10 consecutive failed password attempts. This measure is intended to thwart brute-force and automated password guessing attacks. By locking an account after a certain number of unsuccessful login attempts, we significantly reduce the likelihood of unauthorized access to our accounts.
Account Lockout Period after 10 Bad Password Attempts:
Also on July 3rd, we will implement a lockout period of 10 minutes following 10 unsuccessful login attempts. This temporary account lockout period will act as an additional deterrent to potential attackers by introducing a time delay before further login attempts can be made. It serves as an effective defense against automated password cracking tools and encourages us all to be more cautious with our login credentials.
Mandatory Password Changes Every 90 Days:
Effective July 10th, users will be required to change their passwords every 90 days. Regular password updates help protect against the misuse of compromised credentials over extended periods of time. By implementing this policy, we aim to ensure that accounts remain secure and reduce the risk of unauthorized access resulting from the reuse or prolonged exposure of passwords.
We understand that these changes may require some adjustments to your current password practices. However, they are crucial in maintaining the confidentiality and integrity of your personal information within our systems. The IT security department is committed to continuously improving our security measures to safeguard your data and provide you with a secure computing environment.
FAQs:
- What happens if I don’t make these changes?
- This policy will be automatically enforced for all Regis users. When the 90-day policy takes effect for your account, the system will prompt you to update your password upon your next login.
- Can I change my password now?
- Yes. If you decide to make the change earlier, please reference these new requirements and support material below.
- When do I have to do this?
- On July 10th, if your current password does not meet these requirements, or if you haven’t changed your password in 90 days, you will be prompted to make the changes at your next login attempt.
To help you prepare for these changes, we will be providing resources, such as training materials and guidelines, to assist you in creating stronger passwords and understanding the new policies. Further communications will be sent out in the coming days to provide details and instructions on how to comply with the updated password requirements.
Resources:
- Regis Knowledge Base Article
- Microsoft Article – Self Service
- MediaSpace
Thank you for your cooperation in ensuring the security of our university's digital assets. If you have any questions or concerns, please do not hesitate to contact our ITS support team at (303) 458-4050.
Thank you,
Regis ITS