Password Policy
1.0 Purpose
This Supporting Policy requires the use of robust passwords that must be changed at predetermined intervals. Passwords are an essential aspect of the security of the College’s Electronic Resources, and they provide an important first line of protection for the Electronic Resources, Institutional Data, and intellectual property that reside at the College. Having a strong password is one way that each User can contribute to the community’s overall security. Strong passwords help the College prevent unauthorized or inappropriate access to various Electronic Resources like email accounts, online library resources, student information systems, financial records, file repositories, learning management systems, and administrative/transactional systems.
2.0 Scope
This Supporting Policy applies to all Keuka College (or the “College”) community members and Users, as defined in the College’s Responsible and Acceptable Use Policy, that are provided with credentials (i.e. username and password) to access the College’s network, technology infrastructure, or resources as defined in the College’s Acceptable Use Policy. This Supporting Policy is intended to supplement the Acceptable Use Policy; consequently, any defined terms within this policy have the same meaning as their definition in the Acceptable Use Policy.
3.0 Policy
3.1 Password Specifications
All Users must maintain a password that meets three (3) of the following minimum requirements:
- Must be a minimum of 8 characters
- At least one upper case alphabetic character (A-Z)
- At least one lower case alphabetic character (a-z)
- At least one number
- At least one symbol
- No blank spaces
- Cannot match your last four passwords
- Should not contain your first name, last name, or username
3.2 Password Expiration
Passwords will automatically expire after 180 days and must be changed. Password reset instructions can be accessed on our account-assistance page.
3.3 General Password Guidelines
All Users are expected to adhere to the following guidelines regarding their password.
- To help prevent identity theft, personal or fiscally useful information such as Social Security or credit card numbers should never be used as a user ID or a password.
- All passwords are to be treated as sensitive information and should therefore never be written down or stored on-line unless adequately secured.
- Passwords should not be inserted into email messages or other forms of electronic communication.
- Passwords that could be used to access sensitive information must be encrypted in transit.
- The same password should not be used for access needs external to Keuka College (e.g., online banking, benefits, etc.).
- Individual passwords should not be shared with anyone, including administrative assistants or IT administrators. Necessary exceptions may be allowed with the consent of the IT Security Office and must have a primary responsible contact person. If a password is suspected to have been compromised, it should be changed immediately and the incident reported to the IT Security Office.
3.4 Account Administration Standards
In addition to the general password guidelines listed above, the following apply to account passwords, except where technically and/or administratively infeasible:
- Where technically and administratively feasible, attempts to guess a password should be automatically limited to 3 incorrect guesses. Access should then be locked for a minimum of ten minutes, unless a local system administrator intercedes.
- Failed attempts will be logged, unless such action results in the display of a failed password. Administrators will regularly inspect these logs for any irregularities or compromises, which will be immediately reported to the Information Security Group.
3.6 Non-Compliance
Failure to comply with this Supporting Policy may result in actions as specified in the Acceptable Use Policy.
4.0 Example
If you are struggling to remember passwords, a common method is to combine the application name with a phrase and something memorable. For example, for Keuka College credentials, suppose a birthday is January 3, 2011. A possible password could be “KeukaCollegeWasBornOn010311”. This password makes no logical sense, incorporates memorable numbers, and involves what the credentials are for.
Keuka College, Information Security Policy
Subject to change without notice
Last Revised 4/30/2019 – AHC