| |
|
|
 |
|
Password Policy
This password policy will help us better protect our institutional data from loss, protect the confidentiality of our data and protect the privacy of our students, donors, employees and patrons, as well as reducing opportunities for cyber attacks on the computers and servers within our campus network.
- Individuals must have passwords on all accounts which are used to access data or services which are not public. Passwords are not required on accounts provided for services offered to the public.
- Individuals must change their initial account passwords. When the accounts are created, Information Technology Services will provide initial passwords to enter the accounts. Individuals must then log in and change their passwords to something that only they know, not even Information Technology Services.
- Individuals must not share their passwords with others unless the account is designated for use by multiple individuals (e.g. work study accounts or department accounts). Individuals must not engage in activity outside the limits of access that have been authorized for them. This includes but is not limited to:
- Revealing a password for any account, including one's own personal account.
- Permitting the use of any account, including one's own personal account, in a way that allows unauthorized access to resources (e.g. logging in for someone else).
- Individuals must change their passwords at least annually. To the extent that it is possible with our numerous computer systems, Information Technology Services will create utilities to make it easy for individuals to change their account passwords.
- Individuals must not post their passwords on or near the computer.
- Individuals should not write their passwords down. You are encouraged to follow the few simple guidelines listed below to create passwords which are difficult to guess but are easily remembered. In the event that passwords must be written down to be remembered, then the passwords must be placed in a locked location until memorized. If a suitable lockable space can not be found, then the passwords may be kept in a well protected, unlocked location until memorized (e.g. a wallet).
- Information Technology Services will, whenever reasonably possible, monitor accounts to confirm that passwords are being changed according to this policy. The level at which accounts will be monitored will vary from system to system since the tools available for each system also vary.
- Information Technology Services will, whenever reasonably possible, configure accounts for automatic password expiration and set other options to encourage or remind individuals to change their passwords. ITS will do what they can to help individuals to succeed in following the policy.
- Violations of this policy may be referred to appropriate administrative offices for disciplinary action. Violators may be subject to disciplinary outcomes as outlined in the Student Handbook and Employee Handbook. In addition to the other sanctions outlined in the handbooks, one possible outcome is the restriction or suspension of access privileges.
Good passwords are easy to remember, so you don't need to write them down where someone could find them, but difficult to guess. The longer the password, the more secure it will be. Passwords should not in any way relate to you, otherwise, they will be easier to guess by someone who knows you. Best passwords are nonsensical gibberish and use a number of the techniques listed below.
- use passwords that are at least eight (8) characters long
- use at least one (1) number in your password
- use a combination of letters and numbers (e.g. "investig8or")
- do not use any real words at all (e.g. words found in a dictionary, English or foreign)
- do not use combinations of any real words (e.g. cornbean)
- do not use a series of adjacent letters on the keyboard (e.g. qwerty)
- do not use your account name as your password or even as part of your password
- do not use a name (e.g. name of a family member, friend, pet, or a nickname)
- do not use words that someone would use to describe your interests (e.g. sports teams, hobbies)
- do not use special characters (e.g. ~, !, @, #, $, %, ^, &, *, <, >, +, -, |, \, /, `, ', ', ", ")
- At their discretion, some departments may impose additional rules or restrictions to better improve security.
Author:Information Technology Services
Approval: Information Technology Services
Created: 03/05/03
Revised: 02/27/08
|
|
