Implementing a mandatory password change policy at an academic medical institution

UW Medicine implemented a new policy requiring users to change passwords at least once every 120 days. In the first two password change cycles, many users did not take action upon notification, and their passwords expired, causing high help desk loads. Compliance and support loads improved in subseq...

Full description

Saved in:
Bibliographic Details
Published inAMIA ... Annual Symposium proceedings p. 884
Main Authors Brogan, Michael W, Lin, Ching-Ping, Pai, Rakesh, Kalet, Ira J
Format Journal Article
LanguageEnglish
Published United States 11.10.2007
Subjects
Academic Medical Centers - organization & administration
Computer Security
Organizational Innovation
Organizational Policy
Online AccessGet full text

Cover

More Information
Summary:UW Medicine implemented a new policy requiring users to change passwords at least once every 120 days. In the first two password change cycles, many users did not take action upon notification, and their passwords expired, causing high help desk loads. Compliance and support loads improved in subsequent cycles. We conclude that policy changes requiring user behavior modification should be seen as a cultural change, and the implementation strategy should consider socio-technical factors.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 23
ISSN:1559-4076