The sky has not fallen

| 1 Comment
Today is the day we're flipping the switch and expiring passwords that haven't been changed in X days. There have been a metric ton of emails about this, and we've notified everyone we know who hasn't changed their password (and we can tell who they are) many, many times. Of the 21,000 or so accounts, I think I heard that 3,000 hadn't changed passwords yet. Those 3K people will have their passwords expired randomly over the next two weeks.

This morning we haven't had a call from either Helpdesk! Either these people don't log in as often as we thought, more likely, or they haven't had any issues with the password change screen.

Here is hoping it keeps up!

1 Comment

We did something similar with "Security Checks" a few years ago. Because of virus threats and critical patches, we'd send out waves of emails notifying students, and if they didn't run RSD (our security verification supplicant) by a certain date, we'd throw them into our 10.242.x.x private vlan until they passed the check.If I learned anything from this, I learned that dealing with entire populations (versus small subsets) on an issue is very very difficult and brings out all sorts of obscure corner cases. It also stirs up all sorts of strong emotions from students... Not an easy thing to deal with. Up until this January, I had the same password for four years. Forcing password rotation is a very reasonable policy, in my view. I'm not sure how much of the user-tsunami comes your way, but I sure hope you're on high enough ground to keep your feet dry. Good luck!