Case has a new Password Policy which requires robust passwords and reasonable password age requirements for users accessing and/or managing Tier II and Tier III information systems. This checklist is a guide for preparing and successfully implementing your regular password change. Unless your account has been compromised, the majority of Case users will only need to perform this change annually.
- Determine how you use Case Network resources.
- Know what applications have embedded passwords in them.
- Have a system for memorizing your new password.
- Effect the changes.
Infrastructure Users
If you predominantly use web-enabled services (behind the Single Sign On), changing the password is simple. Your only preparation is to plan out your new password, and then use the IT Services Password Change tool to change it.
Active Directory Users
If you are in the Case Active Directory Domain (ADS), plan to change your password from your office computer while connected to the Case Network. You will need to check the "Sync my Active Directory Password" box (it is checked by default). Active Directory has more password complexity requirements (described in the password page) than the standard Case Network ID, so you should plan accordingly. The Password Change page has complexity tests that the new password must pass before your password can be changed.
If a user has more than one computer, for example a desktop and a laptop, these both need to be addressed.
Immediately after a successful password change, while still on the Case Network, you must restart your computer. This will ensure that logins to network authenticated services are synchronized.
Applications
A number of users will need to change passwords that are "cached" in applications that require authentication. These applications include mail clients, calendar applications, and instant messaging clients. These can be on laptops, computers, or handheld devices. The Case Help Desk has a guide for handling these changes.
Known applications where changes must be manually entered:
- Mail Clients: Thunderbird, Mail.app, Outlook*, Eudora. *Outlook with Active Directory does not need a manual change. Note: for Google Apps users, the change must be made for the smtp.cwru.edu settings.
- Oracle Calendar, and SyncML client software that connects handheld devices to the Oracle Calendar
- Instant Messaging Clients: Spark, iChat, Psi, Adium, etc.
- Browser Cache: clear any cached
- Carbonite backup: users should not have the Carbonite password the same as their Case network password.
- iPhone: if you use the Mail.app and the Case VPN, these applications need the password change performed.
- Blackberry: embedded passwords in the email client and calendar lookups (see SyncML) need to be changed.
- Windows Mobile: embedded password in the email client and calendar lookups need to be changed.
Making a planned change will help users ensure the new security-driven procedures are effected completely and accurately.
Password Management
The Information Security Office recommends that Case users download and run PasswordSafe, a password management utility. Guides can be found on the Case Wiki and at SecurityAware.case.edu.
Questions or problems?
Please call the Help Desk at 216.368.HELP (216.368.4357)