Password policy change on horizon

January 24, 2018

North Dakota University System staff and studentswill soon no longer have to worry about coming up with a new password every 90 days. That is, unless they want to.

A new policy is set to go into effect Feb. 5 that will give system employees and students the opportunity to change their password for the last time. The policy was prompted by discussion among the campus chief information officers and security personnel, who reached consensus that it was a good time for the change.

“Primarily, the changes to the requirements are being made due to significant improvements in NDUS security controls, such as the addition of Duo multi-factor authentication on many critical systems and applications,” said NDUS Director of Information Security Brad Miller. He also stated that “the new requirements are aligned with recently released guidance from the National Institute of Standards and Technology, which outlines best practices for secure passwords.”

Over the next 90 days, in accordance with the existing expiration schedule, users will receive an email notification asking them to change their password one last time. The new requirement will require users to choose a password between 12 and 16 characters. Miller also said change in character length was done because, basically, “the more characters, the better.

“We like to encourage people to use a ‘passphrase’, which is a sequence of words or a sentence, primarily because it makes a longer password easier to remember,” Miller said. “Although not required, adding special characters, numbers, or upper case letters will make your password even more resistant to attack.”

Checks will be in place to not allow individuals to choose passwords that are commonly used and therefore could be easily guessed by an attacker. Finally, instead of the typical security questions that are attached to forgotten password prompts, users will be prompted to add a secondary email address or enable Google Authenticator for password resets.

Although the policy is changing, the process to change your password isn’t. As always, to change your NDUS account password, go to the university system helpdesk website at helpdesk.ndus.edu. Click on “Your NDUS Account” and then on the next page click “Change My NDUS Account Password” and follow the on-screen instructions.

If you have any questions or need assistance please contact your local campus help desk.