CREDENTIAL SECURITY

Issued by:

Office of the Chief Information Officer

SCOPE

This policy applies to all systems that use authentication for accessing University resources.

POLICY

Passwords are the frontline of protection for user accounts. A poorly chosen password may compromise the University’s entire network. As such, all persons accessing University information technology resources must take appropriate steps to select and safeguard their passwords. Users must select “secure” passwords that are not easy to guess by persons who know the system or the user, and that are not ‘cracked’ easily by automated password cracking tools.

Users may not post or share passwords or other personal credentials that they may have for any account. Users must always use secure passwords that are changed periodically.

Users may not use someone else’s access information or credentials, such as user ID/password.

An application or server will not be connected to the campus network if the application or server does not allow for changing each password needed to access the application or server. Passwords must be changed periodically for servers that use only user ID/password authentication.

No system will be connected to the campus network unless all vendor supplied passwords have been changed from their default values.

INQUIRIES / REQUESTS:

Office of the Chief Information Officer
Room 231, Educational Communications Center
632 - 9085

Office of Computer Accounts
Room112 Computing Center
632 – 8011