Strong Password Policy in Effect January 10

12/14/2004

By James Cope

Notre Dame CIO Gordon Wishon announced that, beginning January 10, 2005, the University would implement a new policy on the composition and aging of passwords used to access central network-based IT services.

Called the Strong Password Policy, the new policy is the latest initiative in the University's ongoing effort to maintain a secure computing environment.

Wishon says, "It is human nature to choose passwords that are simple and easy to remember."

"But as the number of attempts by viruses and intruders to invade campus systems increases, it becomes increasingly important that we act to protect those systems and the sensitive data stored on them," Wishon explains. (See ND Works story)

The strong password system the OIT is putting in place will require that campus computer users create passwords made up of at least eight characters from three character classes - letters, numerals and keyboard symbols, for example — and change them at least every 180 days.

One way to create a stronger password that is easy to remember is to use a "pass phrase," says Gary Dobbins, the OIT's Director of Information Security. He suggests picking a phrase, and then substituting symbols, numbers or unusual letter combinations that only the creator can easily conceptualize.

Although the Strong Password Policy becomes effective on January 10, 2005, Notre Dame computer users will have until October 2005 to change to a stronger password as set forth in the new guidelines. Passwords, once changed, will be good for 180 days, and campus computer users will be notified by e-mail well in advance of their expiration.

Wishon encourages those who have questions on the new password policy to contact the OIT Help Desk at 574.631.8111.