PASSWORD POLICY

       NEW PASSWORD POLICY, as of August 1, 2018: 

  1. All passwords will be managed by our TechNet portal when users logon to Technet / students website. Users will no longer be allowed to change passwords in Windows or in Web for Students/Faculty.
  2. Users will have a “Change Password” button inside Technet/Student portal page when they need to change their pw.  If a user has forgotten their password or cannot logon for some reason, they must use the “forgot password” button on the logon page. They will be prompted to authenticate with one of the authentication methods they have previously configured, such as security questions or mobile phone.
  3. Password length – currently minimum 8 characters, will increase to 14 characters effective November 1, 2018. Users will be prompted with the new requirement the next time their password expires. They will not be forced to change their password on Nov 1 unless it would have expired on that day.
  4. Password complexity – at least 3 of these: capital letters, lowercase letters, numbers, symbols
  5. Password expiration – 90 days, must wait 24 hours to change password a second time
  6. Password reuse – Users cannot use any of their previous 5 passwords
  7. If Help Desk or staff absolutely need to get a user’s password, the procedure will be for a staff member to change the pw, allow DoTs to access the account, and then set it so that the user is required to change the pw on their next access.
  8. Users are not allowed to use any part of their username in their password.
  9. Users are not allowed to use dictionary words; no legitimate words should be used in password
  10. Passwords must not be shared with ANYONE. Users cannot under any circumstance give their password to student employees or temporary workers.
  11. Passwords must never be written down. DoTS recommends the use of a password safe such as this free one: http://pwsafe.org. The Help Desk can assist with setting up this password safe.
  12. Passwords should never be sent through email.
  13. Users must answer security questions with legitimate answers – Users should not make up answers because they may need to use the answers later to unlock accounts
  14. Users should not use passwords for NEIT accounts that they use for personal accounts such as banking, online shopping, social media, etc
  15. No Dept of Tech Services employee will ever ask a user for their password; users will not be asked to share passwords with DoTS and they should not share passwords with anyone if they are asked.

Comments are closed.