UCAS Password Expiration Update

All UCAR staffers have a UCAS (UCAR Common Authentication System) Password, used for access to the Time Card application and other resources.  As of August 1, 2011, these passwords will have limited lifetimes; after this date, all users will be required to change them at least every 180 days.Why will passwords expire after 180 days?  This is a computer security best practice which limits the amount of time any stolen or guessed password can be used for access to UCAR resources.How will you know your password is expiring?  There are multiple ways of finding out.  You will be notified by e-mail at least two weeks before your password expires, with a followup a week later if necessary.  The underlying technology of UCAS Passwords is called Kerberos, and if you use your Kerberos credentials for access to the CISL HPSS (High-Performance Storage System) archive, you may already be regularly notified of your password's lifetime.  Also, web sites that you log into with your UCAS Password can inform you if the password is expired, and the Web Engineering Group is developing a way for them to inform you of your password's remaining lifetime.Do I need to change my password right away?  In order to allow staff to have time to receive expiration notifications after August 1, we made sure that all passwords were valid until at least mid-August.  You will receive at least 14, and up to 20, days notice via e-mail before you need to change your password.How can you change your UCAS Password?  The various divisions, programs, and groups at UCAR have implemented different mechanisms for managing UCAS Passwords.  Please consult with your local system support staff to learn the best way for you to manage your UCAS Password.  If you are not familiar with your local system support staff, please check here for links: https://www2.cisl.ucar.edu/dsg/local-system-support-ucar  If no other method works for you, you may change your UCAS Password at https://kpasswd.ucar.eduWhy does the system keep rejecting the passwords I want?  We enforce password complexity criteria to prevent staff from using passwords that are easily guessed by attackers.  At minimum, the password must be 6 characters or longer (longer is stronger), and you should use a combination of letters, numbers, and punctuation symbols, except for spaces and single quote characters (') which are not fully supported right now.  We actually test the password you supply with a common password-guessing program, and reject it if the program can guess it.  For more help on choosing good passwords, consult your local system support staff or the Security Engineering Group (security@ucar.edu).If you have questions about UCAS Password expiration, please contact Mark Bradford at mark@ucar.edu.

Will this event be webcast to the public by NCAR|UCAR?: 
Announcement timing: 
August 1, 2011 to August 12, 2011