Technology Services is rolling out a new password policy to those that are part of the Teams/OneDrive group using DUO multi-factor authentication. This new policy is more relaxed and follows these guidelines:
Longer Password Expiration and Length
With the implementation of Multi-Factor Authentication, CBC is in a great position to simplify the password process and align with new password security best practices. Adopting several guidelines from the NIST 800-63 recommendation, CBC will be modifying the password length and expiration time to 15 characters and 360 days.
Longer Passwords - A longer character length, in this case 15 characters, encourages the utilization of word based, not character based, passwords. Word-based passwords are a concept in which you use 4 or more disassociated words to create a longer more secure password. This makes a password that can be difficult to remember, like (!LikeC@k3) or easy to guess like (Winter2019) and converts them to something exponentially more secure and harder to guess, like (CorrectHorseBatteryStaple!) This method utilizes people’s natural ability to remember pictures easier than a string of characters. You can either start with the words and paint a picture or start with the picture and find some words. Please know the words should be disassociated; common phrases or a list of pets are not intended to be used. At this time, you will still need 3 out of 4 of the following in your password: upper case letters, lower case letters, numbers, special characters (!,#, $, etc).
Longer Expiration Length – A longer expiration length, in this case 360 days, is your reward for the utilization of longer passwords and MFA. By not needing to change your password as frequently, we hope to encourage uniqueness when you do change it. This is meant to reduce password reuse, where people use a standard formula like adding the year or simply iterate a number by 1.
When will this take effect? - You will see these new rules take effect after your next password change and after MFA has been turned on for your account.
If you are not signed up for Duo, your password length is 8 characters, still requiring 3 out of 4 of the following in your password: upper case letters, lower case letters, numbers, special characters (!,#, $, etc). It will expire every 90 days.