In the next few months we will be making small changes to the National Life password policy. We’re going to be increasing password length, decreasing complexity, and requiring less frequent changes. These changes are based on new standards from the National Institute of Science and Technology who found that moving to longer “passphrases” of lower complexity is both more secure and more user-friendly than traditional password requirements.
When a policy is difficult to follow, users find ways around it. If people are required to change overly-complicated passwords too frequently, they are inclined to write their passwords down, or select as a password a predictable pattern of characters and letters that is not sufficiently secure. If they are required to use many passwords, they tend to use the same password across multiple systems. All of these workarounds introduce risk to the safeguarding of National Life’s data and the integrity of its environments.
For password changes on and after June 1st, you will be required to increase the minimum length of your password from 8 to 12 characters. To meet this length, we encourage you to consider using a memorable sequence of words. For example, “GivePeaceAChance,” “MakeAmericaGreat” and “MyGrandkidsAreAngels” all meet the new requirements.
To make these pass phrases easier to remember, we are decreasing the number of character types you must use in your password from three to two. As a reminder, the four different character types are:
- Upper-case letters,
- Lower-case letters,
- Special characters, and
- Numbers.
Passwords being reset after June 1st will only need to incorporate two of these character types.
Finally, many employees will be glad to hear they’ll only be required to change their password every 180 days, rather than every 90 days. Longer, less complex passwords are secure enough to allow us to relax the frequency of password changes.
It’s important that we all do our part to protect the valuable and often confidential data that National Life stores in its systems. If you have questions about these changes to our password policy, please contact Ari Mileikowsky at x1604.