[{"command":"insert","method":"replaceWith","selector":"#div_procedure","data":"\u003Cdiv id=\u0022div_procedure\u0022\u003E\n \u003Ch3\u003ELast update: 10\/1\/2020\u003C\/h3\u003E\n \u003Cdiv class=\u0022text-card\u0022\u003E\n \u003Cp class=\u0022h5\u0022\u003EProcedure\u003C\/p\u003E\n \u003Cdiv\u003E\u003Cp\u003EDefinition: \u003Cstrong\u003EMulti-factor authentication\u003C\/strong\u003E is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).\u0026nbsp; In the case of NMU, the first authentication method must be a password.\u0026nbsp; There are several options for secondary authentication, including an authenticator application, the device\u0026rsquo;s built in security key, external USB or similar security key, and backup codes.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EUsing various tools, NMU will assign a strength score to each user\u0026rsquo;s password. The use of multi-factor authentication will determine the need and frequency for a password change. In an effort to better protect and secure the information and privacy of the Faculty, Staff, and Students of Northern Michigan University, the following authentication procedures will be required:\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cul\u003E\r\n\t\u003Cli\u003EPasswords must be of an acceptable strength as determined by the CISO.\u0026nbsp;\u003C\/li\u003E\r\n\t\u003Cli\u003EIf multi-factor authentication is enabled, a yearly password change for faculty, staff, and retirees will not be required.\u003C\/li\u003E\r\n\t\u003Cli\u003EIf multi-factor authentication is disabled, a password change will be required 1 year from the date of the last password change for faculty, staff, and retirees.\u0026nbsp;\u0026nbsp;\u003C\/li\u003E\r\n\t\u003Cli\u003EStudents are not required to change their passwords on a yearly basis.\u0026nbsp;\u0026nbsp;\u003C\/li\u003E\r\n\t\u003Cli\u003EPasswords cannot be reused.\u003C\/li\u003E\r\n\t\u003Cli\u003EPasswords must begin with an alphabetic character a-z or A-Z.\u0026nbsp; Valid password characters are a-z, A-Z, 0-9, the special characters ~!#$%^\u0026amp;*()_+-=[]{}|;:\/,.\u0026lt;\u0026gt;? \u0026nbsp; A space character is also permitted, just not at the beginning or end of the password.\u0026nbsp;\u003C\/li\u003E\r\n\t\u003Cli\u003EPasswords must be at least a minimum of 8 characters and a maximum of 64 characters\u003C\/li\u003E\r\n\t\u003Cli\u003EIn order to respond to technology changes, the CISO designates the Network Operations Center to continue to assess, and as appropriate, present alternatives, to two factor authentication methods.\u003C\/li\u003E\r\n\t\u003Cli\u003EIf NMU receives notice that an external entity has been compromised and the breached data includes an ID and password that match a current NMUID and password, the user will be required to change their NMU password.\u003C\/li\u003E\r\n\u003C\/ul\u003E\r\n\r\n\u003Cp\u003EEnforcement:\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe new policy will take effect on 10\/1\/2020 and will be used for all subsequent password creations and changes.\u003C\/p\u003E\r\n\u003C\/div\u003E\n \u003C\/div\u003E\n\u003C\/div\u003E\n","settings":null},{"command":"redirect","url":"#procedure_anchor"}]