Please join the UW–Madison Office of Cybersecurity on April 4 for an open campus listening session on new password guidelines.
UW-Madison is in the process of adopting a new password standard for NetID and other login accounts. The Office of Cybersecurity will describe new guidelines from the National Institute for Standards and Technology (NIST), and gather your input on the best ways to implement them.
Date: Wednesday, April 4, 2018
Time: 1 – 2 p.m.
Topic: New password standard adoption from NIST
- Welcome – Bob Turner (5 min)
- Panel Discussion (20 min)
Moderator: Stefan Wahe
- Susan Dyke – Cybersecurity
- Bob Turner – Cybersecurity
- Tom Jordan – DoIT Middleware
- Chris Spencer – Cybersecurity
- Q&A (25 min)
- IAM Steering Group – Tom Jordan (10 min)
- Closing and Evaluations
Considerations for discussion
For Authenticating / Signing-In:
(1) How many systems do you sign into each day?
(2) How do you manage passwords for your university accounts and personal accounts?
(3) What are the problem with passwords?
(4) Do you use an account that is shared by others?
For Implementing Authentication / Password Controls:
(1) How are password controls implemented (for technical audience members)?
(2) How are accounts created and removed when there is a change in user status?
(3) What controls can you implement to address Man-In-The-Middle attacks?
NIST SP 800 63-3 Digital Identity Guidelines: https://pages.nist.gov/800-63-3/
UW-Madison Data Classification: https://data.wisc.edu/data-governance/#classifications
Current UW-Madison Password Policy: https://kb.wisc.edu/itpolicy/cio-password-policy
Current UW-Madison Password Standard: https://kb.wisc.edu/itpolicy/cio-password-standard
The Rules Have Changes: https://it.wisc.edu/news/easy-remember-still-hard-hack-new-guidelines-creating-strong-passwords/
Your feedback and questions are welcome at this event. For more information on the listening session or the new password guidelines, please contact firstname.lastname@example.org.