Better cybersecurity, fewer password resets

Password resets every 90 days have been an essential part of our cybersecurity and compliance routine for decades. But starting this February, expired passwords will become less frequent thanks to modern cybersecurity practices such as Multi-Factor Authentication (MFA).

Instead, King County employees will only receive password reset prompts when our system detects a security incident has compromised your current login info; at that point, you’ll need to verify your identity with MFA and immediately set a new password before you’re allowed to log in.

“About 15 percent of KCIT’s daily calls are for password reset help,” said Mike Kaser, King County’s Chief Information Security and Privacy Officer. “This new password policy will streamline employees’ online experience and reduce call volume to the Helpdesk.”

Does this apply to all King County systems?

Not yet – this new password policy only applies to systems that are integrated with King County’s Single Sign-On (SSO) solutions. This includes your Microsoft 365 accounts, PeopleSoft, and your King County email. Other systems that are not protected by modern security such as MFA will still require regular password changes.

Do I need to reset my password if I recently received a prompt?

You should respond to all password reset requests. However, you should see fewer of them!

I’m getting a lot of password reset prompts – should I be worried?

If you start receiving frequent password reset prompts, it may be that your account has been compromised. Please submit a Security Incident ticket to the KCIT Helpdesk for assistance.