Password Change Process

An Explanation of NAU's Password Policy and Change Process

NAU provides a password change web application. Your password is the key that unlocks access to much of your personal information. It provides full access to your email accounts, including received and sent email, and all the information you have stored on your personal contacts. It also unlocks the ability to send email from your Exchange or Gmail account. Your password protects your access to LOUIE/PeopleSoft, which contains a wealth of personal information belonging to you, including staff payroll and benefits information, and the social security numbers for you and your beneficiaries. Student information, including class schedules and transcripts, is also accessible. Your password may also unlock special privileges in any number of business or academic applications to which you have access. 

Because your password is so important, several rules are in place to ensure it is not easily guessed, and that, if someone tries too many times to break into your computer accounts, it is disabled to prevent unauthorized access to your information and privileges.  This article describes the rules that are used to govern complexity, duration, and protection of your password.


Password Complexity Requirements

 Passwords must:

  • be a minimum of seven (7) characters in length
  • be a maximum length of (128) characters
  • contain at least one (1) character from three (3) of the following categories:
    • Uppercase letter (A-Z)
    • Lowercase letter (a-z)
    • Digit (0-9) or Special character ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | \ : " ; ' < > ? , . /

Maximum Password Age

This setting determines the amount of time (in days) that a password can be used before the system requires the user to change it. The value has been set at 90 days for faculty and staff and 180 days for students.


Minimum Password Age

This setting determines the amount of time that must pass before users can change their passwords. Defining a minimum password age prevents users from circumventing the password history policy by defining multiple passwords in rapid succession until they can use their old passwords again. The value for this setting is five minutes, which discourages rapid password recycling but permits users to eventually change their passwords.


Password History

This setting determines the number of unique new passwords that must be associated with a user account before an old password can be reused. It also rejects new passwords that are too similar to old passwords. This setting feature prevents users from circumventing password expiration restrictions by recycling old passwords or ones like them. The value is set to five.


Account Lockout Threshold

This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. For Web/LDAP and faculty/staff Windows accounts, this value is set to six. Student Windows accounts do not lock out.


Account lockout duration

This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. For Web/LDAP authentication, the account remains locked until unlocked by an administrator. For faculty/staff Window accounts, the lockout duration is set to thirty minutes or until an administrator enables the user ID.  Student accounts do not automatically lock out.


Reset Account Lockout Counter

This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration. For faculty/staff Windows accounts, this is set to 30 minutes.  Web/LDAP and student Windows accounts do not enforce this.


Password Change Process

NAU provides a password change web application.  This application verifies that the newly selected password meets all the requirements outlined above.  A measure of the relative strength of the password is shown as a new password is entered, so users can get immediate feedback on how unlikely it will be that their new password can be "cracked."  Once it is successfully entered, the new password can be used to unlock both Web-based and Windows accounts.


These policies are in place to help to protect your password to the extent that you do. Remember that it is against the NAU Acceptable Use policy to share your password. If you follow the above guidelines and you protect your password, you will be taking a big step toward protecting the University’s and your own information.



top

Related Services

Available to studentsAvailable to facultyAvailable to staff

Security for your computers and information, including SSL certificates.

top