August 8, 2014

 

If you were one of the thousands of retirees and survivors who complained to DFAS about the ridiculously penal password content and expiration requirements the agency imposed last year -- congratulations.   

You helped force DFAS to appreciate that its crazy requirements increased security in only one way -- by preventing beneficiaries from being able to use DFAS online services.     

The changes come almost a year to the day when MOAA first petitioned DFAS to adjust its password policy.  

Here's a summary of what DFAS agreed to change about the password requirements, effective immediately:  

Password length  

Old:  15 to 30 characters

 

New:  9 to 30 characters  

Password Content  

Old:

 

No spaces

 

At least TWO

 

-uppercase letters

 

-lowercase letters

 

-numbers

 

-special characters of the following eight (!,@,#,$,^,*,=,_)  

New:

 

No spaces

 

At least ONE

 

-uppercase letter

 

-lowercase letter

 

-number

 

-special character of the following eleven (!,@,#,$,%,^,*,+,_,=)  

Password expiration/change requirement  

Old:

 

Every 60 days  

New:

 

Every 150 days  

This is just one more demonstration that grassroots inputs work if enough people exercise them.