Increasing Subscriber Password Security Unity 5.x

Unanswered Question
Jun 2nd, 2010
User Badges:

I am curious what behaviour I will see if I enforce the Phone Password Restrictions on my Unity 5.0 server. Currently all that is being enforced is minimum password length. I would like to expire passwords after 90 days, keep a 3 password history, and check for trivial passwords. Am I going to see a bunch of lock-outs? Will all users with a trivial password or a password older than 90 days be asked to change their password immediately? As you can tell this is a production system with about 1000 subscribers. Thanks in advance!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Rob Huffman Thu, 06/03/2010 - 12:46
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hey Dennis,


We just went through some similar changes when we moved to Unity

Connection. From your post I can tell you are worried about the same

issues we saw.....users HATE change (especially change that makes their life harder)


Our "old" system had a minimum 4-digit password length, never expires, and no

Trivial password check. These settings had all been decreed by a previous IT Director

Needless to say we were facing an uphill battle much like you are.


A couple of tips from our experience;


1. Make sure you let the users know over and over again about

your upcoming changes (in detail) I can't tell you how many times

I heard "nobody told me" during this process.


2. Turn off (or at least loosen) the Lock-out policy. This really doubles the

user frustration level.


3. Think long and hard about the Trivial password check...it caused us

a ton of pain!!



From Ginger;


https://supportforums.cisco.com/message/1196673#1196673


https://supportforums.cisco.com/message/1228677#1228677



Cheers!

Rob



Please support CSC Helps Haiti


https://supportforums.cisco.com/docs/DOC-8895


https://supportforums.cisco.com/docs/DOC-8727

dennis_range Thu, 06/03/2010 - 15:59
User Badges:

Thanks for your reply and of course communication is a big part for any change but I am curious about the actual behaviour of making these changes. Will I experience lock-outs or other unwanted behaviour after making the policy changes?

Rob Huffman Thu, 06/03/2010 - 17:25
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Dennis,


We experienced a TON of lockouts the first few days and eventually

turned it off for about 10 days. The other thing I forgot to mention in my first post

was that I would schedule this to happen for your users on a specific day

by using Bulk Edit and changing the users to "must change password at next

login". This way the whole ordeal won't drag on forever


Cheers!

Rob

Actions

This Discussion

Related Content