The following restrictions will apply to all normal, name-based NetID accounts:
Warning page auto-redirects after few seconds:Force user to click “Update password” or “Ignore” May change password via web self-service before it expires:Yes, visit netid.usf.edu to change your password at any time Grace period (# of times old password will be accepted) after password has expired:None May reset password via web self-service (after it expires):Yes, visit netid.usf.edu to change your password at any time May reset via call or fax (versus “physical proofing” by a designated USF employee) to Help Desk:No History / Reusability (New password cannot match any of this many previously recorded ones):5 previously recorded passwords Minimum length:15 characters Maximum length:132 characters Complexity / Strength:New passwords must score sufficiently high against a list of password strength library of over 75,000 common passwords. The score increases as you include numbers, mixed-case, special characters, or increase the length. Password strength meter must read at least “Good” before the new password will be accepted. Display of a user-selected phrase and image to validate that it’s our system requesting their password and not a phishing scam:Currently not available. Maximum failed login attempts (which can be used by to combat “brute force” attacks) from the same IP address (which CAS knows) before that IP-address is “locked":100 per minute Maximum failed login attempts (which can be used by to combat “brute force” attacks) against the same account (which LDAP knows) before that account is “locked”:100 per hour Failed-login lockout duration:30 minutes |