System Status Home / LITS / Policies / Policy on Password Practices and Standards

Policy on Password Practices and Standards

Overview and Purpose

The College has established a common mechanism — the NetID and corresponding password — through which individuals can uniquely identify themselves to the College, and through which the College can offer them the electronic services to which they are entitled.  In order to protect College information, computers and networks from unauthorized access, the College must take reasonable steps to ensure that passwords are protected.

Scope

The password requirements listed in this policy apply to all NetID accounts, and are considered a best-practice recommendation for other accounts.  The password protection requirements listed in this policy apply to NetID and other passwords, PINs, or other credentials that exist to identify and authorize an individual for access to accounts, computers or systems meant for that person alone.  Group accounts (e.g. an e-mail address for a student group), or resources assigned to more than one individual in an office or department (e.g. a voicemail password on the departmental extension) are excluded from the password protection requirements to the extent necessary to facilitate sharing of these resources among people who need to access them.

Where possible, these requirements are automated into College systems and processes.

Password Protection Requirements

The following action is prohibited:

• Reusing one of 4 previous passwords for the same account.

The following actions place passwords at risk, and are strongly discouraged:

• Writing passwords down.
• Sending passwords through e-mail.
• Storing passwords in a document that is not encrypted.
• Telling your password to someone else, in person or over the phone.
• Hinting at the format of your password.
• Revealing your password on a form on the Web, other than to log into a College system to which you have access.
• Using your College password for non-College accounts.

The following action is required:

• Change passwords every six months.
• To change your password, see our NetID Look up and Password Change Tool.

In addition, students, faculty and staff are strongly encouraged to take certain actions to protect College passwords:

• Be careful about letting someone see you type your password.
• Report any suspicion of your password being compromised to the ITS Help Desk
• If anyone asks for your password, report that person to the ITS Help Desk

NetID Password Requirements

Passwords should not contain:

• Common acronyms
• Common words or reverse spelling of words
• Names of people or places
• Part of your login name (NetID)
• Parts of numbers easily remembered (e.g. phone numbers, social security numbers, street addresses)
• Spaces

Passwords must contain:

• At least 8 total characters
• Capital and lowercase letters
• At least 2 numbers or special characters

Policy Questions

Questions about the College Policy on Password Protections and Standards can be addressed to the ITS Help Desk: 585.395.5151 option 1, or helpdesk@brockport.edu.

 

 

Posted September 8, 2009

Last Updated 07/18/2013