Access to campus network resources and data is restricted. Access is granted via user identification, authentication and authorization using network accounts and passwords. The resources are only as secure as the credentials used to gain access. It is therefore critical that user passwords be kept secret and be reasonably complex or "strong."
Campus Technology Services staff has the authority to:
- Impose minimum standards for password length and complexity
- Require passwords to be changed at a given frequency
- Enforce password history
- Revoke access privileges for non-adherence to policy
If a user password is not changed when the maximum age has been reached, the user will not be able to log on until the password is changed and meets the complexity guidelines.
Passwords are subject to random complexity tests. If an existing password is found failing to meet the complexity guidelines, the associated account will be disabled.
Any unauthorized access to network resources resulting from divulging or deciphering a password may result in disciplinary action and criminal prosecution.
If a user feels that an action (see Procedures) taken against him/her is unjustified, she/he may request a review of the decision by the Chief Information Officer. If, after the review, there is still a disagreement with the decision, it may be further reviewed by the Provost.
- Passwords must contain at least one digit and one lower and upper case letter.
- A user cannot reuse their last five passwords.
- Passwords shall be at least twelve characters in length.
- Users will be asked to change their password once per semester.