Password Improvements In 2018

One of the best ways an organization can begin to improve its overall security is to ensure that every account is protected by a strong password. To better protect employee/student records, intellectual property, and other sensitive University data, ITS has revised our password policy to include new minimum requirements and guidelines on creating and safeguarding better passwords.

Using a new Self-Service Password Reset tool, ITS will be facilitating password changes for all Lander employees and students throughout the Spring 2018 semester. Prior to initiating controlled waves of password expirations, we will provide many opportunities for the Lander community to participate in guided walkthroughs to update their password.

Note: these changes affect your Lander (Active Directory) account, which is used to access Lander computers, MyLander, email, Bearcat Wireless, and (soon) Banner 9.

The Basics

The revised password policy was designed with both security and simplicity in mind. We want every Lander account to be protected by a strong password, but your password creation process should not involve moving down a lengthy checklist of arbitrary complexity requirements.

To encourage a more creative, less restrictive approach to passwords, the essential requirements to keep in mind are:
  • Your password must be at least 10 characters in length.
  • Your password must include at least one letter and one number (special characters are encouraged but not mandatory).

New Year, New Password

Research has shown that mandating frequent password changes (such as every three months) does not produce consistently strong passwords. When presented with such a requirement, we often keep the same core password and add a "1" or "2" at the end, which negates any benefit of changing the password.

Under the revised policy, Lander passwords will expire every 365 days. This means that you are only responsible for creating and remembering one strong Lander password every year instead of four.

No, "Password123" Is Not A Good Password

When you change or reset your password, the new password will be checked against a list of banned (common or previously compromised) passwords before being accepted. This blacklist allows us to keep password requirements simple while remaining confident that weak passwords are not diminishing the security of Lander accounts.

Change Your Perspective On Password Creation

Equally as important as our new minimum requirements are our guidelines for creating strong passwords. Our goal is to help everyone move away from the traditional expectations of what a password should be. Using our guidelines, consider the advantages of passphrases, and take the opportunity to get creative when securing your Lander account.

Policy And Supporting Documentation