Policy on Password Practices and Standards

Main Page Content

Policy Statement

The College has established a common mechanism - the NetID and corresponding password - through which individuals can uniquely identify themselves to the College, and through which the College can offer them the electronic services to which they are entitled.

Category Name: Information Technology
Responsible Unit: Library, Information, and Technology Services
Responsible Exec: Provost and VP for Academic Affairs
Adoption Date: Unavailable
Last Revision Date:
Last Review Date:

Purpose/Scope

In order to protect College information, computers and networks from unauthorized access, the College must take reasonable steps to ensure that passwords are protected.

The password requirements listed in this policy apply to all NetID accounts, and are considered a best-practice recommendation for other accounts. The password protection requirements listed in this policy apply to NetID and other passwords, PINs, or other credentials that exist to identify and authorize an individual for access to accounts, computers or systems meant for that person alone. Group accounts (e.g. an e-mail address for a student group), or resources assigned to more than one individual in an office or department (e.g. a voicemail password on the departmental extension) are excluded from the password protection requirements to the extent necessary to facilitate sharing of these resources among people who need to access them.

Where possible, these requirements are automated into College systems and processes.

Applicability

 

Definitions

There are no definitions for this policy at this time.

Policy Procedures

Password Protection Requirements

The following action is prohibited:

  • Reusing one of 4 previous passwords for the same account.

The following actions place passwords at risk, and are strongly discouraged:

  • Writing passwords down.
  • Sending passwords through email.
  • Storing passwords in a document that is not encrypted.
  • Telling your password to someone else, in person or over the phone.
  • Hinting at the format of your password.
  • Revealing your password on a form on the Web, other than to log into a College system to which you have access.
  • Using your College password for non-College accounts.

The following action is required:

In addition, students, faculty and staff are strongly encouraged to take certain actions to protect College passwords:

  • Be careful about letting someone see you type your password.
  • Report any suspicion of your password being compromised to the IT Service Desk.
  • If anyone asks for your password, report that person to the IT Service Desk.

NetID Password Requirements

Passwords should not contain:

  • Common acronyms
  • Common words or reverse spelling of words
  • Names of people or places
  • Part of your login name (NetID)
  • Parts of numbers easily remembered (e.g. phone numbers, social security numbers, street addresses)
  • Spaces

Passwords must contain:

  • At least 8 total characters
  • Capital and lowercase letters
  • At least 2 numbers or special characters

 

Links to Related Procedures and Information

There are no links for this policy at this time.

Contact Information

Policy Questions

Questions about the College Policy on Password Protections and Standards can be addressed to the IT Service Desk: (585) 395.5151 option 1, through our self-service portal, Service Now (login required).

History (in descending order)

Item Date Explanation
Next Review Date  December 2017 Three year review
Adoption Date  Unavailable Policy Adopted

Approval

This policy is approved by:

Last Updated 2/5/18

Close mobile navigation