Information Technology

Password Security Policy

Policy

Individuals must change their initial account passwords. When the accounts are created, Information Technology will provide initial passwords to enter the accounts. Individuals must then log in and change their passwords.Individuals must not share their passwords with others unless the account is designated for use by multiple individuals (e.g. work study accounts or department accounts). Individuals must not engage in activity outside the limits of access that have been authorized for them. This includes but is not limited to:

  • Revealing a password for any account, including one's own personal account.
  • Permitting the use of any account, including one's own personal account, in a way that allows unauthorized access to resources (e.g. logging in for someone else).

Individuals must change their passwords every 90 days. Information Technology Services will create utilities to make it easy for individuals to change their account passwords by prompting them upon login when their password is expired.Individuals must not post their passwords on or near the computer.

Individuals should not write their passwords down. You are encouraged to follow the few simple guidelines listed below to create passwords which are difficult to guess but are easily remembered.

New passwords will be provided only when the identity of the requester can be clearly established.

Enforcement

Information Technology will, whenever reasonably possible, configure accounts for automatic password expiration and set other options to encourage or remind individuals to change their passwords. IT will do what they can to help individuals to succeed in following the policy.

Violations of this policy may be referred to appropriate administrative offices for disciplinary action. Violators may be subject to disciplinary outcomes as outlined in the Student Handbook and Employee Handbook. In addition to the other sanctions outlined in the handbooks, one possible outcome is the restriction or suspension of access privileges.

Procedures

I. Password change request procedures.

Procedures for processing password requests strive to balance security requirements and user convenience. These procedures will be followed by Information Technology staff and student workers for all password requests (including new, changed or forgotten passwords) for access to the College’s network and e-mail.

Under no circumstances will new passwords be provided by telephone.

The Information Technology staff will be pleased to handle requests made in one of the following ways:

Requests may be made in person at Information Technology [Cressman Library, main floor] 8:30 a.m. – 8:00 p.m. Monday-Friday. Photo identification is required.

Requests may be faxed to Information Technology at 610.740.3768 8a.m. – 8 p.m. Monday-Friday. The fax must include a copy of your photo identification and signature.

When applicable, confirmation will be sent to user by e-mail or phone when a password change is completed. Please allow 1 business day for password change.

A network manager must approve any password change requested by a faculty or staff user's supervisor. Confirmation will be sent to user when a password change is completed at the request of a supervisor.

II. Password Protection Responsibilities

  • System administrators and users assume the following responsibilities:
  • System administrator must protect confidentiality of user’s password.
  • User must manage passwords according to the Password Guidelines
  • User is responsible for all actions and functions performed by his/her account.
  • Suspected password compromise must be reported to Information Technology immediately.

Password Guidelines

Select a Wise Password

To minimize password guessability:

  • Do not use any part of the account identifier (username, login ID, etc.).
  • Do not use a proper name or any word in the dictionary without altering it in some way.
  • Do not use a name (e.g. name of family member, pet, or a nickname), or a word that someone would use to describe your interests (e.g. sports names, hobbies, major). Remember, passwords should not in any way relate to you, otherwise, they would be easier to guess by someone who knows you.
  • A password is harder to crack if you utilize several of these selection techniques:
  • Use 5 or more characters.
  • Use mixed case.
  • Use two or three short words that are unrelated (do not use spaces).
  • Deliberately misspell words.
  • Take the first letter from each word of a phrase.
  • Include at least two digits.
  • Keep Your Password Safe
  • Do not tell your password to anyone.
  • Do not let anyone observe you entering your password.
  • Do not display your password in your work area or any other highly visible place.
  • Change your password periodically (every 3 months is recommended).
  • Do not reuse old passwords.

Additional Security Practices

Ensure your workstation is reasonably secure in your absence from your office. Consider logging off or turning off your monitor when you leave the room.

Contact Information

For information on this policy, please contact the Information Technology Department at 610-606-4635  or ext. 3348 if on campus. You may also email us at helpdesk@cedarcrest.edu.

Return to Campus Policies