IT Resource Security Standards - Passwords
For systems connected to the campus network, the following password standards are to be followed:
- All passwords must have a
composition of at least eight (8) characters and should contain a
combination of letters, numbers and special characters
- Passwords on all general
user accounts (accounts where the user does not have elevated
Administrator rights) such as system/network access, Email, web access,
etc. are to be changed yearly. Administrator-level passwords should be changed every six (6)
- With the exception of
Public Key Infrastructure (PKI) or Single Sign-On technology,
Administrative-level passwords should be unique for each system.
- Where applicable, passwords on systems and applications should be set to auto expire. Grace logins can be applied to assist users in creating a new password, but the grace login period should not exceed five (5) attempts.
Password renew periods will be left to the discretion of the departments and system Administrators that have responsibility for account management under their control.