Changing passwords every 45 days. Being timed out of the Integrated System after 90 minutes if there is no activity. Both of these annoyances prompted distress calls on the IS User Survey. (There are other timing out issues that are not security related. See Hints and Tips General.)

One has only to watch the evening news or open up a newspaper to know the damage that can be caused by security breaches of information systems containing sensitive data. The University of Virginia has opted to use industry “best practices” to protect the data in the Integrated System and the users of the system, and those “best practices” include using strong passwords, changing them every 45 days, and timing out a session if there has been no activity for 90 minutes.

“We understand users’ frustration,” says Teresa Wimmer, ISDS Technical Director. “We experience the same inconveniences as any user. However, the University’s responsibility is to secure the data held in its care, and this is the least intrusive solution at this point. ITC continuously monitors security risk and possible interventions, and ISDS will work with them to select those interventions that inconvenience system users as little as possible.”