Maximum duration (before password expires):
180 days since last change or reset Days warning before expiration:
30 days Warning page auto-redirects after few seconds:
Force user to click “Update password” or “Ignore” May change password via web self-service before it expires:
Yes, visit netid.usf.edu to change your password at any time Grace period (# of times old password will be accepted) after password has expired:
None May reset password via web self-service (after it expires):
Yes, visit netid.usf.edu to change your password at any time May reset via call or fax (versus “physical proofing” by a designated USF employee) to Help Desk:
No History / Reusability (New password cannot match any of this many previously recorded ones):
10 previously recorded passwords 8 characters 132 characters New passwords must score sufficiently high against a list of password strength library of over 75,000 common passwords. The score increases as you include numbers, mixed-case, special characters, or increase the length. Password strength meter must read at least “Good” before the new password will be accepted. Display of a user-selected phrase and image to validate that it’s our system requesting their password and not a phishing scam:
Currently not available. Maximum failed login attempts (which can be used by to combat “brute force” attacks) from the same IP address (which CAS knows) before that IP-address is “locked":
100 per minute Maximum failed login attempts (which can be used by to combat “brute force” attacks) against the same account (which LDAP knows) before that account is “locked”:
100 per hour Failed-login lockout duration:
Permanent, unless manually reset |