1.  Home
  2. MIDRANGE-L
  3. August 2013

Re: password system values

Password length is evaluated when a password is changed, not when a user
signs on. So if you up the minimum length it will affect people as their
passwords are used, not all at once.

Expiration interval, however, is evaluated whenever an ID is used. I would
suggest emailing all users that effective on some date, passwords will
expire every 90 days (or whatever interval you settle on) and that if their
password has not been changed in at least that long they'll be prompted to
change their password on that date. They'll just have to make the change
and this way the help desk can plan for potential higher call volume on
that day.

That same communication can cover the new minimum length and any other
changes to policy. It's best, i.e. less confusing for everyone, to tell
the users everything at once rather than sending them something every few
weeks. Likewise, if the password requirements are codified in a policy,
the communication is a perfect place to refer folks to your policy store
(intranet site like SharePoint or just a public read-only folder on a file
server).

And it's less work for you.


On Tue, Aug 13, 2013 at 7:53 AM, dale janus <dalejanus@xxxxxxxxxxxxxxxxx>wrote:

We have very old password system values. I would like to gradually
change them. Ideally I would like to avoid forcing everyone to change
their passwords on the same day.


If I increase mimimum password length in the system value, what happens
to those who's length is too short? Will their password be invalid?
Will they have to change it immediately?

Same thing with expiration interval. We don't have any expiration dates
so some passwords are probably years old. I plan on changing it in the
user profile so that I stagger everyone over a few months. Then after
90 days or so, I change the system value and then go back and change all
the user profiles from a number of days to system value.


I did not see a system value that would require a number or special
character to be part of the password. Just limits on what cannot be part
of the password.

If I have to implement all the changes at once, so be it. I was just
trying make it a little easier on my users.

Thanks

---Dale

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.





As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.