Coming Soon...changes to the Password Policy and the Login Screen
Following the implementation of ESR Release 49 (planned for 26th March), users will notice a number of key changes to some of the most used areas, including the login page, password expiry and password criteria. Details of the changes are set out here. They will apply to all new user accounts, and the password criteria will also apply to existing users when their passwords are updated.
Password Criteria
As mentioned, existing user accounts will need to meet the password criteria detailed below once the password is either reset or is required to be changed. Any user accounts created following ESR Release 49 will need to follow the rules below from the outset.
| New Criteria | Previous Criteria |
|---|---|
| Must be a minimum of 12 characters | 8 characters |
| Enforced use of at least one letter and one number removed | Password must contain at least one letter and one number |
| Special characters permitted, e.g. %@!() | Some special characters are not permitted |
| May not be the same as previous four passwords | Must differ from previous passwords |
All other criteria for passwords remain the same: passwords are not allowed to contain references to certain common or easy-to-guess information, such as username and location.
Password Expiry Periods
For user accounts created following ESR Release 49, the 90-day timeout will no longer be set as the default. Instead, there will be no timeout period defined, i.e. the password will never expire.
The Auto User Account Creation process, which creates new user accounts for qualifying new employees, applicants and external users, has also been updated to use all of the new rules outlined above.
Local Communication for Users
To help ESR Leads, we have developed a PDF poster that can be used internally to help NHS employees understand the changes to the Password Policy. You can download it here.