06-02-2010 11:16 AM - edited 03-19-2019 01:01 AM
I am curious what behaviour I will see if I enforce the Phone Password Restrictions on my Unity 5.0 server. Currently all that is being enforced is minimum password length. I would like to expire passwords after 90 days, keep a 3 password history, and check for trivial passwords. Am I going to see a bunch of lock-outs? Will all users with a trivial password or a password older than 90 days be asked to change their password immediately? As you can tell this is a production system with about 1000 subscribers. Thanks in advance!
06-03-2010 12:46 PM
Hey Dennis,
We just went through some similar changes when we moved to Unity
Connection. From your post I can tell you are worried about the same
issues we saw.....users HATE change (especially change that makes their life harder)
Our "old" system had a minimum 4-digit password length, never expires, and no
Trivial password check. These settings had all been decreed by a previous IT Director
Needless to say we were facing an uphill battle much like you are.
A couple of tips from our experience;
1. Make sure you let the users know over and over again about
your upcoming changes (in detail) I can't tell you how many times
I heard "nobody told me" during this process.
2. Turn off (or at least loosen) the Lock-out policy. This really doubles the
user frustration level.
3. Think long and hard about the Trivial password check...it caused us
a ton of pain!!
From Ginger;
https://supportforums.cisco.com/message/1196673#1196673
https://supportforums.cisco.com/message/1228677#1228677
Cheers!
Rob
Please support CSC Helps Haiti
06-03-2010 03:59 PM
Thanks for your reply and of course communication is a big part for any change but I am curious about the actual behaviour of making these changes. Will I experience lock-outs or other unwanted behaviour after making the policy changes?
06-03-2010 05:25 PM
Hi Dennis,
We experienced a TON of lockouts the first few days and eventually
turned it off for about 10 days. The other thing I forgot to mention in my first post
was that I would schedule this to happen for your users on a specific day
by using Bulk Edit and changing the users to "must change password at next
login". This way the whole ordeal won't drag on forever
Cheers!
Rob
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide