Expiring Password
-
- Community Moderators
- Posts: 9914
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
Expiring Password
Today a bishopric counselor and I, while completing a donation batch, were presented with a pop-up that stated our passwords were expiring and we needed to change our passwords. It also stated we only had three more log-ons to make the change.
In the fifteen years I have been using and signing onto MLS I have not seen this. Has anyone else seen this? Is this a new requirement? If so, is the period between password changes anything like the one for the LDS Account workforce?
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
-
- Senior Member
- Posts: 3908
- Joined: Mon Sep 24, 2007 9:17 am
- Location: Cumming, GA, USA
Re: Expiring Password
I've seen this for a while now. I assume we've had this requirement because we were on the finance beta and could process EFT reimbursements via MLS (although I never did it in MLS--I always used LCR). I believe it is requiring that we change passwords every 3 months.
-
- Church Employee
- Posts: 3025
- Joined: Mon Feb 09, 2009 4:55 pm
- Location: Riverton, Utah
Re: Expiring Password
jdlessley wrote:
> In the fifteen years I have been using and signing onto MLS I have not seen this. Has anyone else seen this? Is this a new requirement? If so, is the period between password changes anything like the one for the LDS Account workforce?
We added that functionality to MLS about four years ago, but it was only enabled for units with direct deposit functionality. As that expands, the requirement then applies to your unit.
- Mikerowaved
- Community Moderators
- Posts: 4741
- Joined: Sun Dec 23, 2007 12:56 am
- Location: Layton, UT
Re: Expiring Password
scgallafent wrote:
> We added that functionality to MLS about four years ago, but it was only enabled for units with direct deposit functionality. As that expands, the requirement then applies to your unit.
I'm of the growing opinion that forcing frequent password changes may actually be detrimental to security. Here's one of many such articles supporting this.
So we can better help you, please edit your Profile to include your general location.
-
- Community Administrator
- Posts: 34490
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Expiring Password
Mikerowaved wrote:
> I'm of the growing opinion that forcing frequent password changes may actually be detrimental to security. Here's one of many such articles supporting this.
See page 24 of this NIST publication 800-63B. This hasn't made its way into the government - yet. I think it's because of the additional password checking the new guidelines require. Maybe once Microsoft adds it to their standard OS (much like the periodic change and complexity requirements in the Group Policy), then it will get broader use.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
-
- Church Employee
- Posts: 3025
- Joined: Mon Feb 09, 2009 4:55 pm
- Location: Riverton, Utah
Re: Expiring Password
Mikerowaved wrote:
> scgallafent wrote:
> > We added that functionality to MLS about four years ago, but it was only enabled for units with direct deposit functionality. As that expands, the requirement then applies to your unit.
> I'm of the growing opinion that forcing frequent password changes may actually be detrimental to security. Here's one of many such articles supporting this.
While the article has valid points, we discovered several interesting things as we started enabling this. There are a few benefits to forcing password changes on a semi-regular basis in our environment.
-
- Community Administrator
- Posts: 34490
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Expiring Password
scgallafent wrote:
> While the article has valid points, we discovered several interesting things as we started enabling this. There are a few benefits to forcing password changes on a semi-regular basis in our environment.
It would be interesting to find out.
A few ideas come to mind:
Some units have accounts "by function" instead of "by user". Forcing the change means the prior user is locked out.
Likewise, someone may share their password as a matter of expediency. And by forcing the change, they are locked out.
-
- Church Employee
- Posts: 3025
- Joined: Mon Feb 09, 2009 4:55 pm
- Location: Riverton, Utah
Re: Expiring Password
russellhltn wrote:
> Some units have accounts "by function" instead of "by user". Forcing the change means the prior user is locked out.
> Likewise, someone may share their password as a matter of expediency. And by forcing the change, they are locked out.
Both of those scenarios are potential concerns.
- Mikerowaved
- Community Moderators
- Posts: 4741
- Joined: Sun Dec 23, 2007 12:56 am
- Location: Layton, UT
Re: Expiring Password
russellhltn wrote:
> See page 24 of this NIST publication 800-63B.
I think you meant page 14 using the page numbers, which is the 24th page as a PDF viewer would count them.
-
- Community Administrator
- Posts: 34490
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Expiring Password
Mikerowaved wrote:
> russellhltn wrote:
> > See page 24 of this NIST publication 800-63B.
> I think you meant page 14 using the page numbers, which is the 24th page as a PDF viewer would count them.
Yes, page 24 of the PDF.
But from some PMs, I've learned that "shared passwords" have indeed been a problem in some units. So, NIST notwithstanding, a requirement to periodically change the passwords will likely continue in certain church apps for the foreseeable future.