View as a webpage

From IT to You: Annual passwords and reset reminders

By Leah Mitchell, Chief Information Officer/Vice President, Kaizen, Quality and Safety

The recent Common Ground e-newsletter reminder about the yearly password reset requirement sparked several interesting discussions that bear an update:

iPhone and iPad passcodes

If you access your Salem Health email on your Apple device, you were likely required to change your passcode (the code that unlocks your iPhone or iPad) an additional time in the last few months.

In the iOS 10 software upgrade, Apple changed their default passcode requirement from 4 to 6 digits. The Salem Health email security programming has historically required users to reset their passcodes every few months, so this change from Apple was brought to our attention almost immediately. To address this issue, although we are unable to override Apple’s default requirement for a more complex passcode, we were able to reduce the frequency of the passcode change to an annual basis.

Speaking of annual resets:

“The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!” – Wall Street Journal Story (viewable here with a WSJ subscription or here without one).

This story has hit home for many who struggle to manage a Rolodex full of rotating complex passwords. The good news is that the National Institute of Standards and Technology (NIST) — best practice holders for IT departments everywhere — are working to revise their recommendations on password use and management. At Salem Health, we closely monitor best practices and industry changes. It is likely that we will change our password requirements as NIST finalizes their recommendation.

Tip: for hard to crack passwords, favor long phrases over short words combined with mixed symbols (this cartoon illustrates the point nicely).

If you still have to meet a requirement for including capital letters, make it the first character of each word. If you have to include symbols or numbers, include them at the end.

And … encryption accounts

If you’ve ever created an account for our email encryption/decryption program, you will be asked to do so again after a system upgrade at the end of August. The system will walk you through the process, but you can review the setup steps on page 5 of this document, which also contains more information about email encryption at Salem Health.

Submit a question

Ask executive leadership a question to have it answered in a future Common Ground