Hi,

It is true that asking people to regularly change passwords and enforcing naive password complexity requirements like ad-hoc character mixture requirements does the exact opposite of people choosing passwords that meet those requirements but are easy to guess.

Generally accepted best practice is to enforce a simple password complexity requirement that mostly entails

* Password Length (>8)
* Make sure the password is not easily guessable (to avoid password spray attack)

and to enforce a comprehensive and secure multi-factor authentication.

Thanks,
Amit

________________________________
From: [email protected] <[email protected]> on behalf of Elijah Gagne <[email protected]>
Sent: Friday, August 28, 2020 11:32 PM
To: CAS Community <[email protected]>
Cc: [email protected] <[email protected]>
Subject: [cas-user] Re: How have you implemented password policies and management?

I'm at a college of a comparable size. A few years ago, we removed the requirement for users to change their password. I would check out https://pages.nist.gov/800-63-FAQ/#q-b05.

Regards,
EWG

On Friday, August 28, 2020 at 3:38:04 PM UTC-4 [email protected] wrote:

Hello,

I am looking for some general information on password policies and management. I am wondering how others have implemented LDAP password expiration warnings on their CAS installments (hoping for advice on CAS 6.2, but any advice is good). Do you use your LDAP provider's password policy? Notifications to email or phone? Intercept attributes with custom scripts? Change the login webflow in some way?

How have you had success warning users that their password will expire soon (or already has expired) and guiding them to reset their passwords? Would you recommend any CAS features over others for password policies and management?

Also, what size organization are you? I work at a relatively small university (~4000 students).
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/33e23fe8-5d91-4dc6-aa81-fb510be108bdn%40apereo.org.
