Implementing a Mandatory Password Change Policy at an Academic Medical Institution
Date: October 2007
Publication: Proceedings of the AMIA Annual Symposium 2007
Source 1: http://telemedicina.unifesp.br/pub/amia/2007%20AMIA%20Proceedings/data/papers/posters/AMIA-0220-S2007.pdf
Source 2: http://www.ncbi.nlm.nih.gov/pubmed/18693985 - Subscription or payment required
UW Medicine implemented a new policy requiring users to change passwords at least once every 120 days. In the first two password change cycles, many users did not take action upon notification, and their passwords expired, causing high help desk loads. Compliance and support loads improved in subsequent cycles. We conclude that policy changes requiring user behavior modification should be seen as a cultural change, and the implementation strategy should consider socio-technical factors.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.