ITS implements 1-Year Onyen passwords
With much work and collaboration across the organization, ITS launched the one-year Onyen password in May 2019. The project switched the University to a system of changing Onyen passwords once a year rather than every 91 days.
The ITS divisions that contributed to the project were Identity Management, the Information Security Office, Digital Services, Communications, User Support & Engagement, ITS Database and PeopleSoft Administration and the Chief Technology Officer Office.
To enjoy the convenience of changing their password just one time per year, users are required to create passwords that are harder for criminals to crack. Among other requirements, passwords must be at least eight characters long, cannot be reused for four years and cannot be in a database of previously hacked passwords.
The additional security layer from 2-Step Verification made this change possible.
In communications for the rollout, ITS encouraged users to think of their new, stronger password more as a “pass phrase.”
Among the user interface changes, Identity Management created a strength meter on the website where users change their password. The strength meter changes from red, to orange, to green to tell users how strong their password is. If the password is not strong enough or fails for another reason (such as including their Onyen), a short description tells users why the password has failed and what they need to fix.
ITS also provided a new help document to provide additional guidance on creating complex and strong passwords.