Expiring Password

jdlessley
Community Moderators
Posts: 9858
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

Expiring Password

#1

Post by jdlessley »

Today I and a bishopric counselor completing a donation batch were presented with a pop-up that stated our passwords were expiring and we needed to change our passwords. It also stated we only had three more log-ons to make the change.

In the fifteen years I have been using and signing onto MLS I have not seen this. Has anyone else seen this? Is this a new requirement? If so, is the period between password changes anything like the one for the LDS Account workforce?
JD Lessley
eblood66
Senior Member
Posts: 3907
Joined: Mon Sep 24, 2007 9:17 am
Location: Cumming, GA, USA

Re: Expiring Password

#2

Post by eblood66 »

I've seen this for a while now. I assume we've had this requirement because we were on the finance beta and could process EFT reimbursements via MLS (although I never did it in MLS--I always used LCR). I believe it is requiring that we change passwords every 3 months.
scgallafent
Church Employee
Posts: 3025
Joined: Mon Feb 09, 2009 4:55 pm
Location: Riverton, Utah

Re: Expiring Password

#3

Post by scgallafent »

jdlessley wrote: In the fifteen years I have been using and signing onto MLS I have not seen this. Has anyone else seen this? Is this a new requirement? If so, is the period between password changes anything like the one for the LDS Account workforce?
We added that functionality to MLS about four years ago, but it was only enabled for units with direct deposit functionality. As that expands, the requirement then applies to your unit.
Mikerowaved
Community Moderators
Posts: 4734
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Re: Expiring Password

#4

Post by Mikerowaved »

scgallafent wrote: We added that functionality to MLS about four years ago, but it was only enabled for units with direct deposit functionality. As that expands, the requirement then applies to your unit.
I'm of the growing opinion that forcing frequent password changes may actually be detrimental to security. Here's one of many such articles supporting this.
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Expiring Password

#5

Post by russellhltn »

Mikerowaved wrote: I'm of the growing opinion that forcing frequent password changes may actually be detrimental to security. Here's one of many such articles supporting this.
See page 24 of this NIST publication 800-63B. This hasn't made its way into the government - yet. I think it's because of the additional password checking the new guidelines require. Maybe once Microsoft adds it to their standard OS (much like the periodic change and complexity requirements in the Group Policy), then it will get broader use.
scgallafent
Church Employee
Posts: 3025
Joined: Mon Feb 09, 2009 4:55 pm
Location: Riverton, Utah

Re: Expiring Password

#6

Post by scgallafent »

Mikerowaved wrote:
scgallafent wrote: We added that functionality to MLS about four years ago, but it was only enabled for units with direct deposit functionality. As that expands, the requirement then applies to your unit.
I'm of the growing opinion that forcing frequent password changes may actually be detrimental to security. Here's one of many such articles supporting this.
While the article has valid points, we discovered several interesting things as we started enabling this. There are a few benefits to forcing password changes on a semi-regular basis in our environment.
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Expiring Password

#7

Post by russellhltn »

scgallafent wrote: While the article has valid points, we discovered several interesting things as we started enabling this. There are a few benefits to forcing password changes on a semi-regular basis in our environment.
It would be interesting to find out.

A few ideas come to mind:
Some units have accounts "by function" instead of "by user". Forcing the change means the prior user is locked out.
Likewise, someone may share their password as a matter of expediency. And by forcing the change, they are locked out.
scgallafent
Church Employee
Posts: 3025
Joined: Mon Feb 09, 2009 4:55 pm
Location: Riverton, Utah

Re: Expiring Password

#8

Post by scgallafent »

russellhltn wrote: Some units have accounts "by function" instead of "by user". Forcing the change means the prior user is locked out.
Likewise, someone may share their password as a matter of expediency. And by forcing the change, they are locked out.
Both of those scenarios are potential concerns.
Mikerowaved
Community Moderators
Posts: 4734
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Re: Expiring Password

#9

Post by Mikerowaved »

russellhltn wrote: See page 24 of this NIST publication 800-63B.
I think you meant page 14 using the page numbers, which is the 24th page as a PDF viewer would count them.
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Expiring Password

#10

Post by russellhltn »

Mikerowaved wrote:
russellhltn wrote: See page 24 of this NIST publication 800-63B.
I think you meant page 14 using the page numbers, which is the 24th page as a PDF viewer would count them.
Yes, page 24 of the PDF.

But from some PMs, I've learned that "shared passwords" have indeed been a problem in some units. So, NIST notwithstanding, a requirement to periodically change the passwords will likely continue in certain church apps for the foreseeable future.