| Category | Communications Computing and Technology |
|---|---|
| Responsible Unit | Brockport Information & Technology Services |
| Responsible Cabinet Member | VP for Administration & Finance |
| Adoption Date | Unavailable |
| Last Revision Date | |
| Last Review Date |
Policy Statement
The University has established a common mechanism - the NetID and corresponding password - through which individuals can uniquely identify themselves to the University, and through which the University can offer them the electronic services to which they are entitled.
Purpose/Scope
In order to protect University information, computers and networks from unauthorized access, the University must take reasonable steps to ensure that passwords are protected.
The password requirements listed in this policy apply to all NetID accounts, and are considered a best-practice recommendation for other accounts. The password protection requirements listed in this policy apply to NetID and other passwords, PINs, or other credentials that exist to identify and authorize an individual for access to accounts, computers or systems meant for that person alone. Group accounts (e.g. an e-mail address for a student group), or resources assigned to more than one individual in an office or department (e.g. a voicemail password on the departmental extension) are excluded from the password protection requirements to the extent necessary to facilitate sharing of these resources among people who need to access them.
Where possible, these requirements are automated into University systems and processes.
Applicability
There is no applicability provided for this policy at this time
Definitions
There are no definitions for this policy at this time.
Policy Procedures
Password Protection Requirements
The following action is prohibited:
- Reusing one of 4 previous passwords for the same account.
The following actions place passwords at risk, and are strongly discouraged:
- Writing passwords down.
- Sending passwords through email.
- Storing passwords in a document that is not encrypted.
- Telling your password to someone else, in person or over the phone.
- Hinting at the format of your password.
- Revealing your password on a form on the Web, other than to log into a University system to which you have access.
- Using your University password for non-University accounts.
The following action is required:
- Change passwords every six months.
- To change your password, see our NetID Look up and Password Change Tool.
In addition, students, faculty and staff are strongly encouraged to take certain actions to protect University passwords:
- Be careful about letting someone see you type your password.
- Report any suspicion of your password being compromised to the IT Service Desk.
- If anyone asks for your password, report that person to the IT Service Desk.
NetID Password Requirements
Passwords should not contain:
- Common acronyms
- Common words or reverse spelling of words
- Names of people or places
- Part of your login name (NetID)
- Parts of numbers easily remembered (e.g. phone numbers, social security numbers, street addresses)
- Spaces
Passwords must contain:
- At least 8 total characters
- Capital and lowercase letters
- At least 2 numbers or special characters
Links to Related Procedures and Information
There are no links for this policy at this time.
Contact Information
Policy Questions
Questions about the University Policy on Password Protections and Standards can be addressed to the IT Service Desk: (585) 395.5151 option 1, through our self-service portal, Service Now (login required).
History (in descending order)
| Item | Date | Explanation |
|---|---|---|
| Next Review Date | 2019-12 | Five-year review |
| Adoption Date | Unavailable | Policy Adopted |
Approval
There are no approvals for this policy at this time.