Changes to UNM NetID processes

Background

The UNM auditors have required that we enforce password changes on UNM NetID accounts. In addition, since the ITEL system was discontinued, we have needed a new way to allow students to reset their own passwords in the event that they forget a password. With these two issues in mind, changes are being made to password processing and reset for UNM NetIDs

What is happening?

Beginning 8/27, all UNM NetID users (all staff, students, and retirees) will be able to set up responses to challenge questions through a new NetID page. Once created, these responses can be used to authenticate a user and allow them to reset a forgotten password.

 

At the same time, new password management will take effect.

 

The new web page will provide access to all four NetID related activities:

 

• New UNM NetID creation
• Set up/change challenge-response
• Change password using challenge response
• Change password – old password known.

 

These four functions will be available at http://netid.unm.edu This will replace the current page with that URL. The new page will be available 8/27.

How is the required password format changing?

The UNM NetID password format has been amended slightly:

 

—The dollar sign will no longer be allowed as part of the string, to remove a conflict with Banner passwords

 

—Passwords will need to comply with this format:

 

• Minimum of six characters
• Maximum of eight characters
• Valid character set: A-Z, a-z, 0-9, _ and # symbols
• Complexity:
• First character alphabetic
• At least ONE of the following:
• Mixed case
• Includes a digit
• Includes a special character
• Maximum of two repetitions of a character without an intervening different character

When will passwords expire?

A password will expire six months after the last change to the password (or six months after the creation of a new account). On 8/27, we will start adding expiration dates to all existing LDAP accounts, using a batch process. The first expiration date for accounts will be 2/23/08.

Will users be notified?

Warning emails will be sent to the user’s preferred email address 30, 15, 7 and 1 day before expiration. If they reset their password at any time during this process, no further emails will be sent. The first email reminders will be sent on 1/24/08.

What other changes are happening?

There is one other significant change to the way passwords are handled. Starting 8/13, LDAP will retain a password history for all accounts. Re-use of passwords will not be allowed.

What impact does this have on HSC NetIDs?

The HSC/Hospital NetID is completely separate. These measures only relate to UNM NetIDs, stored in the central LDAP directory. These changes have no effect on the format, expiration or re-use of passwords for HSC NetIDs.