January 15, 2009
The Case Password Policy changes are moving along well, with users changing their passwords to comply with the new minimum password age requirement. As of January 15, the number of accounts with passwords changed within the past year has overtaken the 16,000 mark. Theoretically, our total regular user population of faculty, staff, and enrolled students is about 15,700. (It is encouraging to see that some passwords are being changed more frequently than the policy requires!)
A few users have reported frustration when the passwords they attempt are serially rejected. The password change tool gives the user instructive feedback about the reason an attempted password is rejected, until the user creates one that passes the "isGood" check. This activity is also logged at the server, so we have been able to observe the issues that trip people up. Here are a few of the most common logged errors:
- Active Directory passwords may not contain numbers 4 or more digits long. (Using a phone number or SSN as your password would fail on this criterion, as would "Golf7777")
- Password must have at least 3 groups from: lowercase letters (a-z), uppercase letters (A-Z), numbers (0-9), or symbols (!@#$%^&*+=). Under this rule, "CAVSRULE09" would fail, but "CavsRULE09" would pass.
- Password contains a dictionary word of 6 or more characters. (Sorry folks, "Indians," "Browns," and "Cavaliers" will all fail the test. "Steelers" too).
- Password contains fewer than 8 total characters. (Just append something - anything! But preferably from another character class - onto the end. It's that easy.)
Users whose systems are in managed Active Directory domains are reminded to restart their Windows PC immediately after changing their password. Users who manage their own workstations and do not log in to an Active Directory domain can spare themselves some headaches by un-checking the "Sync Active Directory Password" option on the Password Change web form.
Still having problems? Check out the password change checklist before you change, or call the Case Help Desk at 368-HELP.
Posted by Thomas Siu at 09:17 AM