Removing 6 Month Password Expiration

Why?

New protocols put in place over the past six months have enabled stronger account protection.

Impact

Presently, WPI account passwords expire every 180 days. Beginning November 18, 2022, the expiration will be removed and password resets will no longer be required. Of course, you may still choose to establish a new password at any time using Self Service Password Reset.

Details

WPI account password protocol changes have been made over the past six months. Details are available in the May 2022 edition of SECURE IT (linked in Actions).  Information Security continues to review best practices for account safety, taking into consideration both usability and impenetrability. The combination of multi-factor authentication with a password of 10 or more characters (16 recommended) provides excellent security! 

The updated WPI password requirements and recommendations align with the National Institute of Standards and Technology (NIST) guidelines. Since 2014, NIST, a U.S. federal agency, has issued requirements and controls for passwords. WPI is adopting the latest NIST password guidelines, which were updated in 2020. The new NIST guidelines are based on numerous studies of human behavior and efficiency when it comes to passwords. They provide best practices for creating strong, effective passwords rather than outdated policies that lead to weaker and easy-to-hack passwords.