Purdue Today

October 11, 2007

New policy addresses password expiration, access to University resources

A newly revised Authentication and Authorization Policy (V.1.2) was signed by President France A. Córdova on Sept. 25.  The revised Authentication and Authorization policy employs a standardized mechanism for identification, authentication, and authorization to access University resources. 

Standards issued simultaneously with the revised policy address password expiration for University passwords and employ a new process for determining password expiration.

Under the new standard, all University passwords must be changed at least every 120 days unless a person's assigned role requires 30 day changes.  Under the new standard, most students will be required to change their passwords every 120 days, rather than every 30 days.

Only faculty, staff, student-employees, and other affiliates who have access beyond the "Employee Self Service" and "Traveler" roles in the new OnePurdue system will be required to change their passwords every 30 days.

This change is in place as of Oct. 11 and only affects the OnePurdue system at this time.

The revised Authentication & Authorization policy can be found at http://www.purdue.edu/policies/pages/information_technology/v_1_2.html

The new User Credentials Standard can be found at http://www.purdue.edu/securepurdue/bestPractices/passStandards.cfm

A knowledge base article on how to determine your OnePurdue system roles can be found at: https://help.itap.purdue.edu/onepurdue/viewarticle.php?articleid=2540

Faculty, staff, student-employees, and other affiliates requiring changes to their assigned roles should work with their business office and supervisor.

For questions or comments about the revised Authentication and Authorization policy or the User Credentials Standard, contact: Director, Identity and Access Management Office at iamo@purdue.edu