|
Feb 08, 2025
|
|
|
|
Policies
Technology Division
|
|
08:13:01 Computer Passwords
|
|
- Introduction: The purpose of this policy is to establish a minimum standard for creation of strong passwords and the protection of those passwords.
- A combination of a username, a password, and a multi-factor authentication (MFA) method for authentication will be required of all users before they are allowed access to institutional networks and systems.
- The effectiveness of passwords to protect access to the institution’s information directory depends on strong construction and handling practices, including new users promptly changing their initial password and establishing an MFA method.
- All users must report any of the following events to the Technology Help Desk:
- Unauthorized password discovery or usage by another person;
- System compromise (unauthorized access to a system or account);
- Insecure transmission of a password;
- Accidental disclosure of a password to an unauthorized person;
- Status changes for personnel with access to privileged and/or system accounts.
- All users are encouraged to use a password manager (such as 1Password) to securely store all work-related passwords. Some divisions of the College, such as the Technology division, may mandate the use of a specific password manager.
- All passwords must be a minimum of 14 characters long. Passwords meeting this length requirement, and with MFA enabled on the account, are not required to be changed at regular intervals. Certain third-party systems may impose stricter password requirements.
Submitted to Policy Review Committee on September 23, 2024
Submitted to Policy Review Board on October 25, 2024
Approved by Policy Review Board on November 20, 2024
Previous Versions:
Approved by the Policy Review Board on April 13, 2022
Approved by Policy Review Board on April 21, 2021
Approved by Policy Review Board on July 31, 2019
Approved by Policy Review Board on December 6, 2018
|
|
|