On Thu, Jun 3, 2010 at 9:22 AM, Fred Seaton
<F-Seaton@wiu.edu> wrote:
On a related issue, we are also forcing users to change their password every 120 days. We have a zimlet that warns people when their password is about to expire, but we don't have a method for warning our IMAP (and other 3rd part client) users. I despise sending an email message that tells people "Your password is about to expire. Click this _link_ to change your password" since it looks like a phishing message.
- How are other schools notifying 3rd party client email users that it's time to change their password? If you're using email, how do you convince your users that it's not a phishing scam?
Just send them a plain-text e-mail stating their password will expire in X days, and to remind them to login to their account to change it. Don't include any links of any kind. Just a plain text message with the reminder. Then it's up to them to go out and login to their account correctly to change the password.
Maybe add a quick blurb at the end reminding them that you will never ask for their password via e-mail, nor will you ever send out messages with links to change passwords or reset accounts, etc.