Account security

IT Regulations and policies

Password security

The security and privacy of your account is your responsibility. You must adhere to the following rules regarding your account:

  • Do not reveal your password to anyone 
  • Do not allow friends or family to use your accounts
  • Do not reply to any emails asking for your login details 
  • Do not write down your password. If you have to write it down, be careful of where and how you store it. 
  • Do not login to a University PC then leave the area. During busy times, if a PC is found to be logged in but left unattended for 30 minutes, the PC will be logged out by support staff 

You are responsible for maintaining the security on your user accounts.  If you notice any unusual activity, or think that you user accounts have been compromised, reset your passwords immediately and contact the IT Helpdesk.

 

Password Restrictions

  • The maximum password age is 90 days. This is how long you can use a password before the system makes you change it.
  • The password history is set to five passwords. This is the number of unique new passwords that you have to use before you can reuse an old password.
  • Passwords must not contain all or part of your user account name.
  • All passwords must be between eight and sixteen characters and be a mixture of
    • UPPERCASE
    • lower case
    • Digits 0-9
    • Non-alphanumeric (%& _ *? and so on). 

      You must use a combination of at least three of these categories. For example:
      VeSPer21
      Or
      aCAdemy*
       
  • You will have a small number of attempts at logging in before the system locks you out.  If this happens, you will not be able to log in to the network until you contact the IT Helpdesk to unlock your account.

How to choose a strong password

It's vital that your passwords are secure, and known only by you. Here's some Do's & Don'ts that may help you create a secure password.

Dos

  • User both upper and lower case characters, digits, punctuation, and !@#$%^&* characters. The more complex and random the password is, the harder it is to crack.
  • Some of the best passwords are acronyms that are special to you. For example, if you have a daughter named Mary who is 11 years old, a sentence you might easily remember might be: My daughter Mary is 4 + 7 !, which would create the acronym password MdMi4+7! These create passwords that are essentially random but easy for you to remember.
  • Be wary of people hanging over your shoulder when you type your password. If you suspect someone of trying to get your password by watching you type it in, report them IT Helpdesk immediately.

Don'ts

  • Do not use a word in the English dictionary or a minor variation on that word. Good password cracking programs check the whole dictionary. 
  • Never tell your password to anyone. If you ever get an email from someone, even if they say they are the system administrator, asking for your password for any reason, report it to IT Helpdesk.
  • Never write your password down.
  • Never send your password through email.
  • Don't use simple patterns of adjacent letters on the keyboard. On the surface, qwerty or asdfgh may seem random, but crackers check many of these patterns as standard practice.

Bad Password Ideas
A spouse's name, a child's birth date, birth dayyour middle name (which you think no one knows about), your birth date (which you haven't told anyone about, so it "MUST" be safe), your Social Security Number, or similar forms of personal information. This includes mixing these pieces of information, such as using your birth year, your spouse's birth month and your birthday. These can be broken in several minutes of guessing, or after a few seemingly innocent conversations with your friends or family members.