August 30, 2015
UAB is revising its password/passphrase policy to ensure better security for campus assets.
Under the new policy that is being phased in beginning Sept. 15, passwords/passphrases will need to be 15 characters, but the passwords will expire after one year.
Implementation of the policy will be phased in; while users can change their passwords at any time at BlazerID Central, they will NOT be required to change their passwords to 15 characters until their current password expires. Enforcement of the new requirements and expiration will begin on the first password change event after the policy goes into effect on Sept. 15.
Fifteen-character passwords are much harder to crack than eight-character passwords, making them more secure than UAB’s current standard. Once a password/passphrase expires, a user will never be able to reuse it.
A strong passphrase:
- Is a series of words that create a phrase.
- Does not contain common phrases found in literature or music. You can choose a sentence or phrase that is familiar to you, but use the first letter of every word as a mnemonic device.
- Does not contain words found in the dictionary. You can replace certain letters in words with numbers, such as 1 for an I or L.
- Does not contain your user name, real name or company name.
UAB’s passphrases must contain three of the following four characters: an uppercase letter, a lowercase letter, a number and a special symbol.
When users log into BlazerID Central to change their passwords, they will automatically be prompted to enroll a phone number in the Identity feature, which allows users to more easily reset a BlazerID password/passphrase without having to contact AskIT.
UAB IT is also actively pursuing a contract for a password manager for faculty, staff and students.
Published in Announcements - Information Security