Password Requirements

From email sent out by ITS on Oct 31st, 2016, below changes implemented on Nov 2nd, 2016

The IT Service Desk would like to make you aware of a change to password security settings that will go into effect on 2 November 2016.  This update only impacts people who change their password or create a new password.

What is ITS doing?

  • ITS is applying industry best practices to network password security standards employed at Clackamas Community College.
  • These updated standards bring CCC closer to compliance with requirements identified during our PCI (Payment Card Industry) analysis.
  • After 2 November all new passwords used to log onto the CCC network must meet the following requirements:
    • Minimum password length will increase from 6 to 8 characters
    • Old passwords cannot be reused.  The system will not allow anyone from changing their password to any of the previous 5 passwords used on the account.
    • Password complexity. This means that when you create a new password it must contain at least 3 of the following 4 characteristics:
      • Upper case character, example: A
      • Lower case character, example: a
      • Number, example: 1
      • Special Character: examples: !@#$%^&*()
  • NOTE:  You will NOT be required to change your password on 2 November unless it was going to expire anyway.  For example, if your password is currently set to expire on January 15th, you will not need to create this more secure password until January 15th.
  • Some staff and faculty have passwords that do not expire.  These people will be individually notified and assisted with the transition to regular password changes.
  • The Portal’s self-service password reset tool will list these requirements to help guide users as they change their password.
  • The Windows log-on screen may also prompt users to change their password when they expire, this screen may not list the complexity requirements.  This is a Microsoft limitation that ITS has no control over.
  • If you would like assistance with a strategy for creating a strong password that is easy to remember, please contact the ITS Service Desk.  We will not generate a password for you, but we can help you with a strategy.  Remember, ITS will NEVER ask you to disclose your password.

Who will be impacted?

  • Staff and faculty will be subject to these new standards.
  • Students will be subject to the new standards as well, but no changes will be made to password expiration for students at this time.  The only impact to students on 2 November will be for new students creating a password for the first time or students who decide to change their password voluntarily.  They will need to create a more complex password at that time.  Students will eventually require periodic password changes, but this will only be implemented when a detailed impact analysis is complete and a plan is established to ensure there is minimal impact to student learning.  That plan will be vetted in various forums such as College Council before implementation.

Why is this work being done?

  • This is needed to comply with PCI and align CCC with industry best practices for system security.