[Faccus] [CTSC] New Password Standards

Jason Testart jatestart at uwaterloo.ca
Wed Oct 20 14:05:53 EDT 2010

  Hi all,

An update: There was a delay in the development of the mechanism for 
allowing WatIAM to change NEXUS passwords for the completion of step #2 
of the implementation plan.  The mechanism has been completed and tested 
and the change is slated to go into production next week.

Here's the note from Alan George that's been sent to Chris Redmond for 
posting to the Daily Bulletin:

    Effective Tuesday October 26th, 2010, the password change facility
    in WatIAM <http://watiam.uwaterloo.ca/> will change both your ADS
    password (also known as your "WatIAM password") AND your NEXUS
    account password, if you have one. This is being done as a first
    step in the project to consolidate the ADS and NEXUS computing
    environments.  Please also note that the minimum password length is
    now 8 characters.  Password length requirements are enforced at
    password change so previously set passwords that are shorter than 8
    characters will still work.  All members of the university community
    are encouraged to change their passwords in WatIAM following the
    October 26th change to ensure ADS and NEXUS passwords are the same
    when the environments are consolidated.

Steps #3 and #4 have no dates set since they are dependent on the WatIAM 
upgrade and the AD consolidation project.


On 9/28/2010 9:41 AM, Jason Testart wrote:
> My apologies if you receive this message more than once.  I want to 
> make sure this reaches all IT support staff on campus.
> A recent security assessment performed as part of the internal audit 
> plan, overseen by the Board of Governors Audit Committee, noted a lack 
> of standards for passwords and password management across campus.  In 
> response to this observation, a password standards document has been 
> developed and endorsed by the university Computing Technology & 
> Services Committee (CTSC):
> http://ist.uwaterloo.ca/security/policy/passwords.shtml
> You will note that in addition to length and complexity requirements, 
> there are new password aging and history requirements.  Implementing 
> the changes will be done in phases, because of the dependencies on 
> WatIAM (which is soon to be upgraded) and the consolidation of ADS and 
> The implementation plan is as follows:
>    1. Make the password length and complexity requirements of all
>       campus Active Directories match the new standard. (Timing: this
>       week)
>    2. Enable new functionality for password change in WatIAM to change
>       the password in both ADS and NEXUS. (Timing: October 5, 2010)
>    3. Announce new password rules to the campus community (through
>       various channels), informing them that password expiry (of one
>       year) will be enforced before the end of 2010 and that they
>       should change their passwords soon. (Timing: October 13, 2010)
>    4. Once WatIAM upgrade is complete, and users from both ADS and
>       NEXUS are merged, enforce password aging and password history.
>       (Timing: unknown; depends on timing of ADS/NEXUS consolidation
>       project)
> Please forward any questions and/or concerns to your CTSC 
> representative (http://ist.uwaterloo.ca/as/ctsc/).  If you are unsure 
> who that is, you are welcome to forward questions/concerns to me.
> Regards,
> jt
> -- 
> Jason A. Testart, BMath               | Voice: +1-519-888-4567 x38393
> Manager, IT Security                  | Fax: +1-519-884-4398
> Information Systems and Technology    |http://ist.uwaterloo.ca/security
> University of Waterloo, Waterloo, Ontario  N2L 3G1 CANADA
