The College has established a common mechanism — the NetID and corresponding password — through which individuals can uniquely identify themselves to the College, and through which the College can offer them the electronic services to which they are entitled. In order to protect College information, computers and networks from unauthorized access, the College must take reasonable steps to ensure that passwords are protected.
The password requirements listed in this policy apply to all NetID accounts, and are considered a best-practice recommendation for other accounts. The password protection requirements listed in this policy apply to NetID and other passwords, PINs, or other credentials that exist to identify and authorize an individual for access to accounts, computers or systems meant for that person alone. Group accounts (e.g. an e-mail address for a student group), or resources assigned to more than one individual in an office or department (e.g. a voicemail password on the departmental extension) are excluded from the password protection requirements to the extent necessary to facilitate sharing of these resources among people who need to access them.
Where possible, these requirements are automated into College systems and processes.
The following action is prohibited:
The following actions place passwords at risk, and are strongly discouraged:
The following action is required:
In addition, students, faculty and staff are strongly encouraged to take certain actions to protect College passwords:
Passwords should not contain:
Passwords must contain:
Questions about the College Policy on Password Protections and Standards can be addressed to the ITS Help Desk: 585.395.5151 option 1, or firstname.lastname@example.org.
Posted September 8, 2009
Last Updated 05/09/2011