October 4, 2023

42-Day Password Change Requirement

The following message is from the IT Department:

UMW Students, Faculty, and Staff,

The Commonwealth of Virginia SEC501 Security Standard requires user-accounts of sensitive systems to change passwords every 42 days or use multi-factor authentication. Banner is a sensitive system, and because all UMW students, faculty, and staff use Banner, all UMW accounts must change their passwords every 42 days, or use multi-factor authentication, to comply with the Commonwealth standard.

You may already be familiar with multi-factor authentication from personal online accounts and social media logins. Multi-factor authentication is a process where, when you log into a system, you must enter a username and password, and also enter additional verification of who you are, by acknowledging your login using a multi-factor authentication app on your mobile phone, or entering a one-time code number that is texted to your mobile phone or emailed to you.

The IT Department is working on a project to implement multi-factor authentication for Banner and other systems in the spring. However, until that time, to comply with Virginia SEC501 requirements, your account settings will be changed from the current 90-day password change requirement to a 42-day change requirement.

Beginning Wednesday, October 5, 2022, you will be required to change your password every 42 days. You’ll receive a notice from helpdesk@umw.edu when it’s time to update your password on this new schedule.

We appreciate your cooperation and compliance with this Commonwealth of Virginia requirement.

Please contact me if you have questions or concerns. Thank you.

Mike Townes

Director of Information Technology Security/ISO

University of Mary Washington