University of Wisconsin–Madison
Computer Password

Cybersecurity Share and Listen April 4: New password guidelines

Please join the UW–Madison Office of Cybersecurity on April 4 for an open campus listening session on new password guidelines.

UW-Madison is in the process of adopting a new password standard for NetID and other login accounts. The Office of Cybersecurity will describe new guidelines from the National Institute for Standards and Technology (NIST), and gather your input on the best ways to implement them.

Date:     Wednesday, April 4, 2018

Time:     1 – 2 p.m.

Place:    1360 Genetics-Biotechnology Center Building

Full agenda

Topic: New password standard adoption from NIST

  1.   Welcome – Bob Turner (5 min)
  2.   Panel Discussion (20 min)

Moderator: Stefan Wahe

Panel:

  •         Susan Dyke – Cybersecurity
  •         Bob Turner – Cybersecurity
  •         Tom Jordan – DoIT Middleware
  •         Chris Spencer – Cybersecurity
  1.   Q&A (25 min)
  2.   IAM Steering Group – Tom Jordan (10 min)
  3.   Closing and Evaluations

Considerations for discussion

For Authenticating / Signing-In:
(1) How many systems do you sign into each day?
(2) How do you manage passwords for your university accounts and personal accounts?
(3) What are the problem with passwords?
(4) Do you use an account that is shared by others?

For Implementing Authentication / Password Controls:
(1) How are password controls implemented (for technical audience members)?
(2) How are accounts created and removed when there is a change in user status?
(3) What controls can you implement to address Man-In-The-Middle attacks?

Resources

NIST SP 800 63-3 Digital Identity Guidelineshttps://pages.nist.gov/800-63-3/

UW-Madison Data Classification: https://data.wisc.edu/data-governance/#classifications

Current UW-Madison Password Policy: https://kb.wisc.edu/itpolicy/cio-password-policy

Current UW-Madison Password Standard: https://kb.wisc.edu/itpolicy/cio-password-standard

The Rules Have Changes: https://it.wisc.edu/news/easy-remember-still-hard-hack-new-guidelines-creating-strong-passwords/

Your feedback and questions are welcome at this event. For more information on the listening session or the new password guidelines, please contact cybersecurity@cio.wisc.edu.