Feb 08, 2025  
Policies 
    
Policies

Technology Division


08:13:01 Computer Passwords

  1. Introduction: The purpose of this policy is to establish a minimum standard for creation of strong passwords and the protection of those passwords.
  2. A combination of a username, a password, and a multi-factor authentication (MFA) method for authentication will be required of all users before they are allowed access to institutional networks and systems.
  3. The effectiveness of passwords to protect access to the institution’s information directory depends on strong construction and handling practices, including new users promptly changing their initial password and establishing an MFA method.
  4. All users must report any of the following events to the Technology Help Desk:
    1. Unauthorized password discovery or usage by another person;
    2. System compromise (unauthorized access to a system or account);
    3. Insecure transmission of a password;
    4. Accidental disclosure of a password to an unauthorized person;
    5. Status changes for personnel with access to privileged and/or system accounts.
  5. All users are encouraged to use a password manager (such as 1Password) to securely store all work-related passwords.  Some divisions of the College, such as the Technology division, may mandate the use of a specific password manager. 
  6. All passwords must be a minimum of 14 characters long.  Passwords meeting this length requirement, and with MFA enabled on the account, are not required to be changed at regular intervals.  Certain third-party systems may impose stricter password requirements.

 

Submitted to Policy Review Committee on September 23, 2024

Submitted to Policy Review Board on October 25, 2024

Approved by Policy Review Board on November 20, 2024 

 

Previous Versions:

Approved by the Policy Review Board on April 13, 2022

Approved by Policy Review Board on April 21, 2021

Approved by Policy Review Board on July 31, 2019

Approved by Policy Review Board on December 6, 2018