Increasing Subscriber Password Security Unity 5.x

Unanswered Question
Jun 2nd, 2010

I am curious what behaviour I will see if I enforce the Phone Password Restrictions on my Unity 5.0 server. Currently all that is being enforced is minimum password length. I would like to expire passwords after 90 days, keep a 3 password history, and check for trivial passwords. Am I going to see a bunch of lock-outs? Will all users with a trivial password or a password older than 90 days be asked to change their password immediately? As you can tell this is a production system with about 1000 subscribers. Thanks in advance!

rob.huffman Thu, 06/03/2010 - 12:46

Hey Dennis,

We just went through some similar changes when we moved to Unity Connection. From your post I can tell you are worried about the same issues we saw.....users HATE change (especially change that makes their life harder)

Our "old" system had a minimum 4-digit password length, never expires, and no Trivial password check. These settings had all been decreed by a previous IT Director

Needless to say we were facing an uphill battle much like you are.

A couple of tips from our experience;

1. Make sure you let the users know over and over again about your upcoming changes (in detail) I can't tell you how many times I heard "nobody told me" during this process.

2. Turn off (or at least loosen) the Lock-out policy. This really doubles the user frustration level.

3. Think long and hard about the Trivial password check...it caused us a ton of pain!!

From Ginger;

https://supportforums.cisco.com/message/1196673#1196673

https://supportforums.cisco.com/message/1228677#1228677

Cheers!

Rob

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com/docs/DOC-8727

dennis_range Thu, 06/03/2010 - 15:59

Thanks for your reply, and of course communication is a big part of any change, but I am curious about the actual behaviour of making these changes. Will I experience lock-outs or other unwanted behaviour after making the policy changes?

rob.huffman Thu, 06/03/2010 - 17:25

Hi Dennis,

We experienced a TON of lockouts the first few days and eventually turned it off for about 10 days. The other thing I forgot to mention in my first post was that I would schedule this to happen for your users on a specific day by using Bulk Edit and changing the users to "must change password at next login". This way the whole ordeal won't drag on forever

Cheers!

Rob
