Thank you for the information, I never thought about it like that. Basically, since they have to change their passwords every X days, you're saying that people will choose similar enough passwords that they become predictable to others over time? The longer a password lasts, the more secure people are likely to make it. The question below it (Q-B06) is also interesting to me. I'd have to go through a few layers to get changes like that made across campus, but I think many people would benefit from it. That seems like more of a long-term change to me, but good to know, thank you for that.
I am wondering if anyone has had luck implementing some sort of password warning system into CAS though?

-Jeremiah Garmatter, Systems Administrator
-Ohio Northern University, Class of 2020
-Work: 419-772-1074 Cell: 419-672-8685
[email protected]

On Sat, Aug 29, 2020 at 11:01 AM Poddar, Amit <[email protected]> wrote:

> Hi,
>
> It is true that asking people to regularly change passwords and enforcing naive password complexity requirements like ad-hoc character mixture requirements does the exact opposite, with people choosing passwords that meet those requirements but are easy to guess.
>
> Generally accepted best practice is to enforce a simple password complexity requirement that mostly entails
>
> - Password Length (>8)
> - Make sure the password is not easily guessable (to avoid password spray attack)
>
> and to enforce a comprehensive and secure multi-factor authentication.
>
> Thanks,
> Amit
>
> ------------------------------
> *From:* [email protected] <[email protected]> on behalf of Elijah Gagne <[email protected]>
> *Sent:* Friday, August 28, 2020 11:32 PM
> *To:* CAS Community <[email protected]>
> *Cc:* [email protected] <[email protected]>
> *Subject:* [cas-user] Re: How have you implemented password policies and management?
>
> I'm at a college of a comparable size. A few years ago, we removed the requirement for users to change their password. I would check out https://pages.nist.gov/800-63-FAQ/#q-b05.
>
> Regards,
> EWG
>
> On Friday, August 28, 2020 at 3:38:04 PM UTC-4 [email protected] wrote:
>
> > Hello,
> >
> > I am looking for some general information on password policies and management.
> >
> > I am wondering how others have implemented LDAP password expiration warnings on their CAS installations (hoping for advice on CAS 6.2, but any advice is good). Do you use your LDAP provider's password policy? Notifications to email or phone? Intercept attributes with custom scripts? Change the login webflow in some way?
> >
> > How have you had success warning users that their password will expire soon (or already has expired) and guiding them to reset their passwords? Would you recommend any CAS features over others for password policies and management? Also, what size organization are you? I work at a relatively small university (~4000 students).
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
>
> ---
> You received this message because you are subscribed to the Google Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/33e23fe8-5d91-4dc6-aa81-fb510be108bdn%40apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABX%3DCB0cFHa4VMNJXyju5EHa%3D5%2Bq-Cu%3Dm91b1RcMDVFjuogtRQ%40mail.gmail.com.
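The original question in this thread (warning users before their LDAP password expires, and catching the ones that already have) boils down to one date calculation that either a login-time check or a nightly e-mail reminder job has to perform. The following is an added example and is not code from the thread, from any poster, or from the CAS project. It models the OpenLDAP ppolicy overlay's attributes, where pwdChangedTime is a GeneralizedTime stamp on the user entry and pwdMaxAge is the policy's maximum age in seconds (0 meaning passwords never expire), and classifies each user as fine, inside the warning window, expired, exempt, or unknown (no pwdChangedTime, so the age cannot be computed). The sample entries, the 14-day warning window, the evaluation date and the message wording are constructed assumptions for the example.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample data modelled on the OpenLDAP ppolicy overlay. pwdChangedTime is an
# operational GeneralizedTime attribute on the user entry; pwdMaxAge is the policy's
# maximum password age in seconds, where 0 means passwords never expire.
NINETY_DAYS = 90 * 86400
SAMPLE_ENTRIES = {
    "alice": {"pwdChangedTime": "20200610120000Z", "pwdMaxAge": NINETY_DAYS},  # expires soon
    "bob":   {"pwdChangedTime": "20200501120000Z", "pwdMaxAge": NINETY_DAYS},  # already expired
    "carol": {"pwdChangedTime": "20200801120000Z", "pwdMaxAge": 0},            # exempt from expiry
    "dave":  {"pwdChangedTime": "20200801120000Z", "pwdMaxAge": NINETY_DAYS},  # comfortably valid
    "erin":  {"pwdMaxAge": NINETY_DAYS},                                        # never changed under policy
}
# Evaluation time pinned to the date of this thread so the results are reproducible (assumption).
NOW = datetime(2020, 8, 29, 12, 0, tzinfo=timezone.utc)


def parse_generalized_time(value: str) -> datetime:
    """Parse LDAP GeneralizedTime in the common YYYYMMDDHHMMSSZ form into an aware UTC datetime."""
    if len(value) != 15 or not value.endswith("Z"):
        raise ValueError(f"unsupported GeneralizedTime value: {value!r}")
    return datetime.strptime(value[:-1], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def expiry_status(entry: dict, now: datetime = NOW, warning_days: int = 14) -> dict:
    """Classify one user's password as no_expiry, unknown, ok, warning or expired.

    days_left counts whole days until expiry (negative once expired, None when no expiry
    applies); warn is True when the login flow or reminder job should act.
    """
    max_age = int(entry.get("pwdMaxAge", 0))
    if max_age <= 0:
        return {"state": "no_expiry", "days_left": None, "warn": False}
    changed = entry.get("pwdChangedTime")
    if changed is None:
        # The password predates the policy, so its age is unknowable; do not nag the user.
        return {"state": "unknown", "days_left": None, "warn": False}
    expires_at = parse_generalized_time(changed) + timedelta(seconds=max_age)
    # Floor division keeps the sign: a password 30 days past expiry reports -30.
    days_left = int((expires_at - now).total_seconds() // 86400)
    if expires_at <= now:
        return {"state": "expired", "days_left": days_left, "warn": True}
    if days_left <= warning_days:
        return {"state": "warning", "days_left": days_left, "warn": True}
    return {"state": "ok", "days_left": days_left, "warn": False}


def warning_message(username: str, status: dict) -> Optional[str]:
    """Text a login page or reminder e-mail would show; None when nothing needs saying."""
    if status["state"] == "expired":
        return f"{username}: your password expired {-status['days_left']} day(s) ago; reset it before continuing."
    if status["state"] == "warning":
        return f"{username}: your password expires in {status['days_left']} day(s); please change it soon."
    return None


def users_to_notify(entries: dict, now: datetime = NOW, warning_days: int = 14) -> list:
    """Batch form of the check for a reminder job: users needing a warning, most urgent first."""
    due = []
    for username, entry in entries.items():
        status = expiry_status(entry, now, warning_days)
        if status["warn"]:
            due.append((username, status["state"], status["days_left"]))
    return sorted(due, key=lambda item: item[2])


if __name__ == "__main__":
    for username, state, days_left in users_to_notify(SAMPLE_ENTRIES):
        print(warning_message(username, expiry_status(SAMPLE_ENTRIES[username])))
```

The batch function is the shape a notification job wants (expired accounts first, then the ones closest to the deadline), while the per-user function is what a login-time check needs; both deliberately stay quiet for exempt and unknown entries so that users are not told to rotate a password the directory will never expire. Active Directory stores the same information differently (pwdLastSet as a FILETIME, maxPwdAge as a negative interval on the domain), so only the parsing step would change for that directory.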
