Password Change Process
An Explanation of NAU's Password Policy and Change ProcessNAU provides a password change web application. Your password is the key that unlocks access to much of your personal information. It provides full access to your email accounts, including received and sent email, and all the information you have stored on your personal contacts. It also unlocks the ability to send email from your Exchange or Gmail account. Your password protects your access to LOUIE/PeopleSoft, which contains a wealth of personal information belonging to you, including staff payroll and benefits information, and the social security numbers for you and your beneficiaries. Student information, including class schedules and transcripts, is also accessible. Your password may also unlock special privileges in any number of business or academic applications to which you have access.
Because your password is so important, several rules are in place to ensure it is not easily guessed, and that, if someone tries too many times to break into your computer accounts, it is disabled to prevent unauthorized access to your information and privileges. This article describes the rules that are used to govern complexity, duration, and protection of your password.
Password Complexity Requirements
- Minimum number of characters: 7
- Lower Case character requirement: 1
- Upper Case character requirement: 1
- Number / special character requirement: 1
- No references to your name or uid
Maximum Password Age
This setting determines the amount of time (in days) that a
password can be used before the system requires the user to change it. The
value has been set at 90 days for faculty and staff and anyone who has received
FERPA privacy training. All others, mostly Students, will have 120 days.
Minimum Password Age
This setting determines the amount of time that must pass before users
can change their passwords. Defining a minimum password age prevents
users from circumventing the password history policy by defining
multiple passwords in rapid succession until they can use their old
passwords again. The value for this setting is five minutes, which
discourages rapid password recycling but permits users to eventually
change their passwords.
Account Lockout Threshold
This security setting determines the number of failed logon
attempts that causes a user account to be locked out. A locked-out account
cannot be used until it is reset by an administrator or until the lockout
duration for the account has expired. For Web/LDAP and faculty/staff Windows
accounts, this value is set to five. Student Windows accounts do not lock out.
Account lockout duration
This security setting determines the number of minutes a locked-out
account remains locked out before automatically becoming unlocked. For Web/LDAP authentication, the account remains locked until unlocked by an administrator. For faculty/staff Window accounts, the
lockout duration is set to thirty minutes or until an administrator
enables the user ID. Student accounts do not automatically lock out.
Reset Account Lockout Counter
This security setting determines the number of minutes that must
elapse after a failed logon attempt before the failed logon attempt
counter is reset to 0 bad logon attempts. If an account lockout
threshold is defined, this reset time must be less than or equal to the
Account lockout duration. For faculty/staff Windows accounts, this is set to 30 minutes. Web/LDAP and student Windows accounts do not enforce this.
Password Change Process
NAU provides a password change web application. This application verifies that the newly selected password meets all the requirements outlined above. A measure of the relative strength of the password is shown as a new password is entered, so users can get immediate feedback on how unlikely it will be that their new password can be "cracked." Once it is successfully entered, the new password can be used to unlock both Web-based and Windows accounts.
These policies are in place to help to protect your password to the extent that you do. Remember that it is against the NAU Acceptable Use policy to share your password. If you follow the above guidelines and you protect your password, you will be taking a big step toward protecting the University’s and your own information.
Security for your computers and information, including SSL certificates.