This past fall, the Office of Information Technology instituted requirements for stronger passwords and a 180 day password expiration policy in order to comply with state and University System of Maryland (USM) regulations. OIT is now preparing for the implementation of the last remaining password-related mandate, the temporary lockout of Directory IDs that are subject to repeated failed password attempts.

The purpose of a temporary lockout is to prevent an attacker from using an automated program to rapidly guess large numbers of possible passwords. Under USM guidelines, after six failed authentication attempts, all ensuing authentication attempts will be denied for the next ten minutes. This feature will be put into effect by the end of the spring semester, and more information will be provided at that time.