Password Requirement Changes Effective September 25

Published Sep 12, 2023 by
Filed under:

Dear Campus Community,

I’m writing to inform you of an important change ITCS is implementing regarding your PirateID passwords. The IT security landscape continues to evolve with new threats, best practices, and standards emerging over time. As we continue to look for ways to reduce risk to campus, it’s evident that our current 8-character password standard is not sufficient to protect our accounts from modern threats. As computing power continues to increase it’s now possible to crack an 8-character password in a matter of hours. We do have safeguards in place to prevent that from happening such as multifactor authentication, but those mitigations are not foolproof, so it’s important to ensure we have a minimum password requirement that is sufficient, considering modern threats.

Password changes that occur on or after Monday, September 25, will require a 15-character minimum password with an annual password expiration.

Increasing the minimum password length to 15 characters ensures future compliance with the many evolving regulatory guidelines applicable to our university and reduces the risk of password cracking. Because of this change, passwords will no longer be required to change every 90 days* as we move to an annual password expiration.

In the coming months ITCS is also planning for a new self-service password reset portal to ultimately replace pirateid.ecu.edu. There is no action for campus to take on this yet, but as we complete testing and finalize plans, we’ll be communicating with campus on this initiative as well.

It’s important for our campus to stay ahead of the threats wherever possible to protect our most-valued technology and data assets. While we understand security changes can be disruptive, we appreciate your understanding as we work to protect the integrity of our academic and administrative systems.

Our IT team stands ready to assist and support the campus as this change takes effect. We will also be updating our online documentation on the new password requirements over the coming weeks.

Zach Loch
Associate Vice Chancellor
Chief Information Officer

*Password compliance requirements vary by industry. For example, PCI requires password changes every 90 days. ITCS will communicate separately with specific users that may have different password requirements.

Frequently Asked Questions

What is the new password requirement?
Your password must be at least 15 characters and contain 3 of these 4 character classes:

  • Numeral
  • Upper case letter
  • Lower case letter
  • Special character (e.g., !, @, #, *, ?)

When will I be required to change my password?
You will be required to change your password based on your current password expiration date. Any password changes that happen on or after September 25, 2023, will require the new 15-character password. Once your password is changed the first time on or after September 25, you will be required to change your password on an annual basis.

How often will I have to change my password?
Once your password is changed the first time on or after September 25, 2023, you will be required to change your password on an annual basis.

Where do I change my passphrase?
You will continue to change your passphrase using the same tools as before. Passwords can be changed at the pirateid.ecu.edu website. For ECU-managed Macs, continue to change your password locally (on your computer).

If you require assistance with changing your password, please contact the IT Service Desk at 252-328-9866, itcs.ecu.edu or helpdesk@ecu.edu.

Post expires at 8:17am on Tuesday March 12th, 2024