What's New

Password Policy updates (2019-03-14)

Follow
Brad Marshall
  • Agilix team member
  • Updated:
    info_outline
    Created:

Domains (e.g., school, district) can have a password policy that:

  • Determines the rules for password requirements for their users.
  • Defines what should happen when a user attempts to login with an inaccurate password.

Over the next several months, we will be implementing two phases of security updates to the default password policy.

Who is impacted by these changes?

These changes will impact all users in domains that do not already have their own password policy (either inherited by a parent domain or explicitly set on itself) and those that authenticate with their Buzz credentials.

Who is not impacted by these changes?

These changes will not impact any user in a domain that already has a password policy in place, either inherited by a parent domain or explicitly set on itself. Nor will it impact any user that authenticates into Buzz with single sign-on (SSO).

When and what will the changes be?

Beginning March 14, 2019, the following rules will be applied:

  • The setting Number of unsuccessful login attempts before lockout will be set to 10 attempts. This means that if a user enters an incorrect password 10 consecutive times, their account will be locked. For their account to be unlocked, an administrator must reset the user’s lockout (see How do I override password lockout for a user?) or the user must wait until their lockout expires.
  • The setting Lockout duration will be set to 1 hour (PT1H). This means that if a user has a lockout due to unsuccessful login attempts, they will not be able to login again until 1 hour after the lockout began.

During Summer 2019, the following rules will be applied:

  • The setting Number of unsuccessful login attempts before lockout will be set to 7 attempts. This means that if a user enters an incorrect password 5 consecutive times, their account will be locked. For their account to be unlocked, an administrator must reset the user’s lockout (see How do I override password lockout for a user?) or the user must wait until their lockout expires.
  • The setting Lockout duration will be set to 3 hours (PT3H). This means that if a user has a lockout due to unsuccessful login attempts, they will not be able to login again until 3 hours after the lockout began.
  • The setting Minimum password length will be set to 8 characters. This means that users will be required to enter a password with at least 8 characters when changing or creating a new user.

As Summer 2019 approaches, we will publish a new announcement with the full details (e.g., date, additional changes).

What if I want a more (or less) strict password policy?

If you wish to opt for a different password policy, you can do so today (see How do I set up my domain password policy?). A password policy is inherited by subdomains. This allows you to define one at a top-level to be inherited by all subdomains and change it for a specific school. Alternatively, you can set it at each domain if you need a unique password policy for each.

Comments (4)

Sort by
Raquel Hernandez

I am locked out of my  email account for iSchool Agilix Buzz.

 

I cannot remember my password,what do i do?

Brad Marshall
  • Agilix team member

Hello Raquel, if you know your username and your user account has an email address associated with it, then you can use the "Forgot password" option. If you are a member of iSchool, you can also reach out to your organization at isvaregistrar@responsiveed.com

Mary Scott Senan

Hi,

When will the update be released to require that users create a password of at least 8 characters? Please let me know.

Mary Scott Senan

Brad Marshall
  • Agilix team member

Hey Mary, we just published Password Policy updates (2019-07-11), which includes all of the information for the update. It will go into effect on July 11, 2019.

Please sign in to leave a comment.