New Emory Password Policy and Upcoming Password Change

New Enterprise Password Policy
Your passwords are your keys to many resources: email, personal files, student records, patient files, Facebook accounts and more. In many cases a password is the only thing that prevents someone else from accessing your private information or impersonating you online. In an effort to help ensure the confidentiality and integrity of Emory’s information assets, Emory recently approved a new enterprise password policy which is available on the Emory policy website athttp://policies.emory.edu/5.15
 
Policy Highlights
  • Password Change Interval – Passwords must be changed at least once a year.  Certain individuals will be required to change their password every 90 days (e.g. system administrators, individuals who process credit card payments, individuals working on federal contracts)
  • Password Length – Passwords must be between 9 and 30 characters in length
  • Password Complexity – Passwords must contain at least 2 alphabetic characters (A-Z, a-z) and at least 2 non-alphabetic characters (spaces, numerals, punctuation, and/or special characters)
  • Password Constraints – Userid/NetID cannot be part of the password, no more than 2 consecutive characters can be identical, and the password cannot match any of the previous 24 passwords used with the account
What to Expect
The following content describes what individuals with Emory University NetIDs can expect over the coming months, as we begin to transition to the new policy.  Emory Healthcare account holders will receive separate communications at a later time. 
 
In the near future, Emory will begin encouraging members of the Emory University community to voluntarily change their passwords in order to ease the transition to the new password policy later this year.  In July, Emory will begin to enforce the new password complexity requirements (listed above) whenever users voluntarily change their passwords, and on September 9th Emory will begin to systematically enforce the full password policy, including the periodic password change requirement. Users who have not changed their Emory University password within the 12 month window preceding September 9th will be required to do so at that time.  These individuals should be on the lookout for a series of Password Expiration Notice messages which will include an Emory branded Password Expiration Notice banner (See below) as well as a hyperlink to Emory’s password change support page at:  http://it.emory.edu/password.

Password Expiration Notice
You will receive this message 28 days before, 14 days before, and every day the week before your password is scheduled to expire.  Simply follow the instruction on Emory’s password change support page to change your password.