ITD to implement new password standards in January
ITD will implement new standards for passwords on Jan. 4, 2010, to bring the department into compliance with the Information Technology Resource Management Council’s (ITRMC) policies and guidelines related to user and system passwords.
The change also supports the governor’s consolidated services initiative for information technology, explains Forrest Anderson, ITD’s cyber security officer.
Two characteristics make a strong password – the length of the password and the variety (mix) of characters. The longer the password is, combined with the mix of characters (letters, numbers, symbols, and upper and lowercase) the harder it becomes for an unauthorized person to access sensitive or confidential information.
Enterprise Technology Services (ETS) will implement the new password policy Jan. 4. After that date, the next time that users are prompted to change their password, they will be required to provide a password that meets the following criteria:
a. Each of the last 12 passwords must be unique. This changes from 10 today.
b. Maximum password age 90 days (no change)
c. Minimum password age one day (no change)
d. Minimum password length eight characters (changes from six today)
e. The password cannot contain a user name and must contain three of the following four elements:
i. Upper case letters
ii. Lower case letters
iii. Numerals (0-9) and/or
iv. Special characters (!*&%, etc)
f. Accounts will be locked out after five attempts to unsuccessfully enter the password (changes from three today)
g. Amount of time the account will be locked out after five password attempts is 15 minutes (no change)
h. When logging on to the computer, a user’s name will not be remembered from the last one that was entered. Users will need to enter their user name each time they log on (changes from today where a user name is retained from the previous logon).
In addition to those changes, computer screens will automatically lock after 20 minutes of inactivity. To get back to the screen, users will need to re-enter their user name and password.
Questions related to the password change should be directed to the ETS Service Center at 334-8175.
Note: Please click the links below to learn more about how to protect yourself and the ITD data for which you are responsible:
How long will it take to crack your password?
How to create strong passwords
The new password standard