Implementing a Mandatory Password Change Policy at an Academic Medical Institution
Author(s): Michael W. Brogan, Ching-Ping Lin, Rakesh Pai, Ira J. Kalet

Date: October 2007
Publication: Proceedings of the AMIA Annual Symposium 2007
Page(s): 884
Source 1: http://telemedicina.unifesp.br/pub/amia/2007%20AMIA%20Proceedings/data/papers/posters/AMIA-0220-S2007.pdf
Source 2: http://www.ncbi.nlm.nih.gov/pubmed/18693985 - Subscription or payment required

Abstract:
UW Medicine implemented a new policy requiring users to change passwords at least once every 120 days. In the first two password change cycles, many users did not take action upon notification, and their passwords expired, causing high help desk loads. Compliance and support loads improved in subsequent cycles. We conclude that policy changes requiring user behavior modification should be seen as a cultural change, and the implementation strategy should consider socio-technical factors.



Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com