
Password Changing and multiple clients



We instituted a tighter password policy this year that's biting a lot of our users with mobile devices.

Policy:  6 invalid logins will lock user's account

Problem:  User changes their password and can log back into Zimbra with no problem.  However, some mobile devices (IMAP?) will sense that the password they are using won't work and will keep trying the wrong password until the user can update the password on the device.  Unfortunately, that device may have already locked their LDAP account. 

So, my questions...

-  How many schools have a similar lockout policy?  If so, how many invalid logins do you allow before lockout?

-  Are you having this problem (with mobile devices locking a user's account after user changes password)?

On a related issue, we are also forcing users to change their password every 120 days.  We have a zimlet that warns people when their password is about to expire, but we don't have a method for warning our IMAP (and other 3rd party client) users.  I despise sending an email message that tells people "Your password is about to expire.  Click this _link_ to change your password" since it looks like a phishing message.

- How are other schools notifying 3rd party client email users that it's time to change their password?  If you're using email, how do you convince your users that it's not a phishing scam?

Thanks...

--
Fred Seaton
Western Illinois University