Question AAAI-03

Can you enforce password/passphrase aging requirements?

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe plans to support password/passphrase aging requirements.

Answering "YES"

Describe how aging requirements are implemented in the product.

Reason for Question

This question is primarily focused on account management capabilities that are built into a system. Although aging is not always required, a system that lacks commodity functionality may be lacking in other areas as well. Use the vendor's response to this question as a way to pivot to other questions, as needed.

Follow-Up Inquiries

The value of this question depends on your institution's policy on passwords, its use of 2FA, or any number of factors. Follow-ups for this question are unique to the institution.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]