In an effort to provide a more secure computing environment, ITServices is implementing a password security policy for staff and faculty. The following is a brief description of the new policy requirements:
Enforce password history 5 passwords remembered
Maximum password age 180 days
Minimum password age 1 day
Minimum password length 8 characters
Strong passwords are required
(You may only change your password once a day and you may not reuse any of your the last five passwords. You will be required to change your password every 120 days.)
Strong passwords must meet the following minimum requirements:
Not contain all or part of the user's account name
Not contain recognizable words i.e.: Mike, Suzie, Gateway, Mazda.
Be at least eight characters in length
Contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (Only these are allowed: ! % * + , – / : ? _ because of compatibility with Banner)
Experience shows that Banner will definitely fail if you use @ ' " &
An example of a complex password is J*p2leO4-F
Note: The complex password requirements are enforced when passwords are changed or created.
Link to Password Tips and Examples
How to Change Your Password on Windows 2000 or XP
How to Change Your Password using Outlook Web Access
Links to Webcogs Password Generator or WinGuides Password Generator
Account Lockout Policy
- Account lockout after five (5) failed login attempts
- Account lockout duration 15 minutes
- Account reactivated after 15 minutes
Best practices for account protection
- Never share passwords with anyone.
- Never allow others to use your account for any reason. If a person does not have an account of their own, they may request one from ITServices.
- Change your password immediately if you think it has been compromised.
- If passwords must be written down on a piece of paper, store the paper in a secure place and destroy it when it is no longer needed. Treat your password like you would your personal credit card.
- Be careful where passwords are saved on computers. Some dialog boxes, such as those for remote access and other telephone connections present an option to save or remember a password. Selecting this option poses a potential security threat.
- Use the Windows password protected screen saver.
- Lock your desktop when you are away from your computer.
Note: You are responsible for your user account. If your account is used in an inappropriate manner by you or others, you will be held accountable.