Staff & Faculty Password Policy

 

In an effort to provide a more secure computing environment, ITServices has implemented a password security policy for staff and faculty.  The
following is a brief description of the password policy requirements:

 

Enforce password history                                              5 passwords remembered

Maximum password age                                                180 days

Minimum password age                                                 1 day

Minimum password length                                             8 characters

Strong passwords are required

 

(You may only change your password once a day and you may not reuse any of the last 5 passwords you used. You will be required to change your password every 180 days.)

 

Strong passwords must meet the following minimum requirements:

 

• Not contain all or part of the user's account name
• Be at least eight characters in length
• Contain characters from three of the following four categories:
• English uppercase characters (A through Z)
• English lowercase characters (a through z)
• Base 10 digits (0 through 9)
• Non-alphabetic characters (Only these are allowed: ! % * + , - / : ? _ because of compatibility with Banner)
  Experience shows that Banner will definitely fail if you use @  '  "  &  /

 

An example of a complex password is J*p2leO4-F

 

The simplest way to create a valid complex password is is to include at least 1 lowercase letter, at least 1 uppercase letter, and at least 1 number. Tha password must contain at least 8 characters.

 

Note:  The complex password requirements are enforced when passwords are changed or created.

 

Link to Password Tips and Examples

 

How to Change Your Password on Windows XP

How to Change Your Password on Windows 7

How to Change Your Password using OWA (Outlook Web App - Web Email)

How to Change Your Password on the web

 

Links to password generators. These sites will give you a strong password but it is up to you to make sure it still meets the university guidelines so it will work.

• Strong Password Generator
• Online Password Generator
• Password Generator

 

Account Lockout Policy

 

• Account lockout after (5) five failed login attempts
• Account lockout duration 15 minutes
• Account reactivated after 15 minutes

 

 

Best practices for account protection

 

• Never share passwords with anyone.

 

• Never allow others to use your account for any reason.  If a person does not have an account of their own, they may request one from ITServices.

 

• Change your password immediately if you think it has been compromised.

 

• If passwords must be written down on a piece of paper, store the paper in a secure place and destroy it when it is no longer needed.  Treat your password like you would your personal credit card.

 

• Be careful where passwords are saved on computers. Some dialog boxes, such as those for remote access and other telephone connections present an option to save or remember a password. Selecting this option poses a potential security threat.

 

• Use the Windows password protected screen saver.

 

• Lock your desktop when you are away from your computer.

 

Note: You are responsible for your user account. If your account is used in an inappropriate manner by you or others you will be held accountable.

 

(Updated 8/15/2011)