Since the most recent Password Policies the cyber security landscape has changed a lot. Everybody remembers the ransomware attacks at the University Maastricht and the Hof van Twente. Over the last couple of years a number of security measures have been implemented. With respect to authentication, Multi-Factor Authentication (MFA) is the one with the most impact on the university's employees and students.
One of the new guidelines is that it is no longer mandatory to change the password every year. Another change is that the minimum number of characters has been changed from 10 to 14. During 2023, after your password has expired, all employees and students have to change the password according to the new rules.
The new guidelines as of December 1st, 2022, also include tips for a strong password and information about password managers to help you remember the new password.
In the meantime, LISA continues to work on increasing the safety of the university and its employees and students. One thing the guidelines point to is passwordless authentication. More on this next year. So be sure to keep an eye on the cyber safety website.