Increasing Subscriber Password Security Unity 5.x

Unanswered Question
Jun 2nd, 2010

I am curious what behaviour I will see if I enforce the Phone Password Restrictions on my Unity 5.0 server. Currently all that is being enforced is minimum password length. I would like to expire passwords after 90 days, keep a 3 password history, and check for trivial passwords. Am I going to see a bunch of lock-outs? Will all users with a trivial password or a password older than 90 days be asked to change their password immediately? As you can tell this is a production system with about 1000 subscribers. Thanks in advance!

rob.huffman Thu, 06/03/2010 - 12:46

Hey Dennis,

We just went through some similar changes when we moved to Unity Connection. From your post I can tell you are worried about the same issues we saw.....users HATE change (especially change that makes their life harder)

Our "old" system had a minimum 4-digit password length, never expires, and no Trivial password check. These settings had all been decreed by a previous IT Director. Needless to say we were facing an uphill battle much like you are.

A couple of tips from our experience;

1. Make sure you let the users know over and over again about your upcoming changes (in detail). I can't tell you how many times I heard "nobody told me" during this process.

2. Turn off (or at least loosen) the Lock-out policy. This really doubles the user frustration level.

3. Think long and hard about the Trivial password caused us a ton of pain!!

From Ginger;




dennis_range Thu, 06/03/2010 - 15:59

Thanks for your reply and of course communication is a big part for any change but I am curious about the actual behaviour of making these changes. Will I experience lock-outs or other unwanted behaviour after making the policy changes?

rob.huffman Thu, 06/03/2010 - 17:25

Hi Dennis,

We experienced a TON of lockouts the first few days and eventually turned it off for about 10 days. The other thing I forgot to mention in my first post was that I would schedule this to happen for your users on a specific day by using Bulk Edit and changing the users to "must change password at next login". This way the whole ordeal won't drag on forever.



