Password Expiration for Staff and Students Schedule

5.4.2015

Dear Colleagues,

It is commonly understood that every member of the Brandeis community is committed to protecting the personal and confidential information we routinely work with. We all want to protect the confidences our colleagues, friends and family share with us in email or other online services. Faculty and staff work to protect the confidential student and organizational information we have access to in the course of our jobs. Doing this requires us to protect access to Brandeis and personal online accounts.

As many of you have heard, in early 2015 LTS began addressing the challenge of weak passwords by expiring accounts that had not been accessed in over two years (we call this padlocking the account). Since Jan 1st, over 12,000 accounts have been padlocked and are no longer able to be used maliciously.

In addition, and ppursuant to generally accepted best practices, LTS has been enforcing a regular password change policy beginning this year. Passwords that are 14 or fewer characters must be changed annually. Longer passphrases (15-30 characters in length, comprised of multiple words) must be changed every two years. A fuller explanation of this practice can be found in Brandeis Technology Memo No. 3, available at http://lts.brandeis.edu/about/technology-memos/tech-memo-passwords.html. We rolled out greatly simplified self-service password reset tools in January as a means of empowering our community. These tools have been used by over 900 individuals since that time, and over 2000 faculty, staff, and students have changed their passwords

Managing your password(s) can be frustrating, which is why we strongly encourage, but don't require, the use of a password manager such as LastPass. However, in our experience, most of the challenges associated with changing a password stems from synchronizing the change across cell phones, laptops, and other mobile devices. If it has been a while since you last changed your password, you may want to review our easy-to-follow instructions ahttp://go.brandeis.edu/changeyourpassword.

Timeline for Password Expiration:

Please note that you may change your password at any time it is convenient for you. We will send reminder notices at 2-week intervals beginning 6 weeks before your password expires, again at 1 week before expiration, and daily for the last week.

  • Faculty passwords began expiring on March 1st, 2015.
  • Staff passwords will expire over an 8-week period beginning June 21st, 2015.
  • Student passwords will expire over an 8-week period beginning September 15th, 2015.

Whenever you change your password, you will have either one or two years until the next required change. You will receive reminder notices in advance of that date, and you can always check on your next password or passphrase expiration by logging into https://identity.brandeis.edu and selecting the “Identity Self Service” link.

If you have any problems changing your password, please contact the LTS Help Desk by phone at 6-HELP (x64357) or by visiting the Help Desk in the Goldfarb Library.

If you are concerned about the validity of this email, you may visit the Communications section of the Library and Technology Services website at http://lts.brandeis.edu and view it from our homepage.