Old passwords (passwords that have not been changed in an extended period of time) are a significant security risk to the safety and integrity of Westerns networking community. The longer a password remains unchanged, the longer a malefactor has to attempt to break the password. Research shows that the time needed to break an 8-character password that adheres to Western's password policy structure is less than 90 days if using a high end workstation. A specialized computer, built for this purpose could break these passwords in as little as 6 hours. Additionally, passwords that are extremely old may no longer conform to the current password policy Western enforces and as such may be even easier to compromise.
Western University's Information Security team, along with the ITS Help Desk, and the Computer Accounts Office are moving ahead with a project that aims to effect account password changes for all accounts where the password is at least 5 years old.
We are going to be moving at a conservative pace with this project, and expect it to run for an extended period of time before it is completed. Each day, we will be sending a notification email to a selected set of users where we have identified no password change has taken place for 5 or more years. The email will ask the user to contact the ITS Help Desk team to assist them in changing their password. We are giving users a period of 28 days from the time of the notification email being sent to have changed the password on their account. A second notification and reminder email will be sent 14 days after the first, again requesting that users contact the ITS Help Desk team to change the password on their account. A third and final reminder email will be sent 48 hours before the end of the 28 day notice period. If no change has been made after 28 days, then ITS will be re-setting the password on the account and users will have to contact the ITS Help Desk to regain access to their account.
Thank you for your understanding, and efforts in helping to make Western University's network a safer place for all.
Last updated on and