Overview
The following restrictions will apply to all normal, name-based NetID accounts:
- Maximum duration (before password expires): 180 days since last change or reset
- Days warning before expiration: 30
- Warning page auto-redirects after a few seconds: Force user to click “Update password” or “Ignore”
- May change password via web self-service before it expires: Yes, visit netid.usf.edu to change your password at any time
- Grace period (# of times old password will be accepted) after password has expired: None
- May reset password via web self-service (after it expires): Yes, visit netid.usf.edu to change your password at any time
- May reset via call or fax to Help Desk (versus “physical proofing” by a designated USF employee): No
- History / Reusability – New password cannot match any of this many previously recorded ones: 10
- Minimum length: 8
- Maximum length: 132
- Complexity / Strength: New passwords must score sufficiently high against a password strength library of over 75,000 common passwords. The score increases as you include numbers, mixed-case, special characters, or increase the length. The password strength meter must read at least “Good” before the new password will be accepted.
- Display of a user-selected phrase and image (to validate it’s our system requesting their password and not a phishing scam): Currently not available.
- Maximum failed login attempts (which can be used to combat “brute force” attacks):
  - From the same IP address (which CAS knows) before that IP address is “locked”: 100 per minute
  - Against the same account (which LDAP knows) before that account is “locked”: 100 per hour
- Failed-login lockout duration: Permanent, unless manually reset