UNIVERSITY OF NORTH FLORIDA
POLICY

DIVISION: Administration and Finance

DEPARTMENT: Information Technology Services

SUBJECT: Passwords on Computing Systems Managed by Information Technology Services (ITS)

OBJECTIVE & PURPOSE:

To define guidelines for password use and maintenance for the users of computing systems managed by Information Technology Services (ITS) .

AUTHORITY:

None. This document is published as a supplement to the policy entitled Network Acceptable Use Policy and is for informational purposes only. It does not supersede or modify existing University policies and regulations.

OVERVIEW:

If you have been granted access to university computer resources, you have a responsibility to protect those resources from unauthorized or malicious use. Passwords are commonly employed to help you meet this responsibility, maintain the privacy of your files, and protect the integrity of your user name. However, if someone else learns your password, your access and reputation are no longer protected. Because of this, it is very important that you follow several guidelines to prevent other users from obtaining and using your password.

GUIDELINES:

Select your password carefully. A poorly chosen password is easily guessed or observed, allowing full access to an intruder under your name. You should select a password which contains at least six characters, and which consists of a combination of letters, numbers, and punctuation in mixed cases, if possible. Don't use easily guessed names, words, or dates since information about you, your family, and your associates can be obtained without too much difficulty.

Change your password frequently. In some cases, you will be forced to change your password before you can continue. In other cases, you should change it every three months at a minimum. Do not repeatedly use the same password or set of passwords as this defeats the purpose of the change.

Never share your password with anyone. Your password is intended to give you an exclusive set of access privileges. It is also used to uniquely identify you and any actions you might take while using university resources. You can be held liable for any abuse, misuse, or unauthorized access that occurs under your name and password. It is your reputation that is on the line.

Never discuss or disclose your password to anyone. Information Technology Services (ITS) staff members will never ask you for your password, nor give out a password without proper identification. If asked for your password, do not provide it.

Never write down or post your password. Do not attach your password to a terminal, keyboard, or desk with a note or tape. If you cannot remember your password, practice your password in private, or select one which is easier to remember.

If you have any reason to believe your password has been obtained by someone else, you should change your password immediately. If you are unable to change the password, contact Information Technology Services (ITS) for assistance.

PROCEDURE:

An initial password is assigned when your account is first created. The initial password varies depending on the system or application. This initial password will be given to you in the form of printed directions, or in person by an Information Technology Services (ITS) staff member.

You may change your password at any time. You should follow the steps appropriate to the application or system you are using. Directions for Windows NT and UNIX users are given in the FAQ below. Please contact Information Technology Services (ITS) if you need additional assistance.

If you need to have your password reset, you should contact Information Technology Services (ITS) . You will need to establish your identity before any password requests will be honored.

FREQUENTLY ASKED QUESTIONS (FAQ):

1. My account doesn't ask for a password. Do I need one?

Absolutely. If there is not a password on your account, it constitutes a serious security risk. Please contact your local administrator or Information Technology Services (ITS) immediately so that a password can be assigned.

2. I can't log in with my password. What should I do?

You should make sure you are using the correct password for the system or application that you are trying to access.

You should make sure that you are using the correct case (uppercase or lowercase) for each letter of your password. If your password contains numbers, you should ensure that your num-lock key is turned on.

If none of this works, you will probably need to have your password reset. See the next question.

3. I forgot my password. What should I do?

You will need to visit the Information Technology Services (ITS) ITS Help Desk in Building 15 in the Information Technology Services (ITS) Computer 2nd Floor Lab and prove your legal identity to have your password reset to the original default. If you need further directions, please feel free to contact our ITS Support Center at 620-HELP.

4. My account is disabled. Why, and what should I do?

In accordance with University information security requirements, your account may be automatically disabled after too many unsuccessful login attempts, or if you do not log in over an extended period of time.

You will need to visit Information Technology Services (ITS) and prove your legal identity to have your account re-enabled.

5. How do I change my password?

To change your local area network (NT) password on a computer running Windows 2000/XP, press the CTRL-ALT-DELETE keys on the keyboard simultaneously. A security window will appear. Click on the CHANGE PASSWORD button. It will prompt you for your new password. Type your old password and your new password twice.

To change your UNIX password, access OSPREY.UNF.EDU through a "telnet" or secure connection. After logging in, issue the "passwd" command. The system will respond: "Password for userid@OSPREY.UNF.EDU:" You should type in your current password (nothing you type will appear on screen) and then press the "Enter" key. The system will respond "Enter new password:" At this point, you should enter a new password that is at least 6 characters in length and be a combination of alphabetic and non-alphabetic characters and press the "Enter" key. The system will respond: "Enter it again:" Enter the new password again. If both entries match, your password will be changed successfully. If they do not, you will receive an error message ("Passwords not equal. passwd: Authentication token manipulation error") and need to try again.

If you encounter problems, or require further assistance, please contact Information Technology Services (ITS) (620-HELP).

6. How long should I make my new password?

Your password should always be at least 6 characters long. If it is too short, it can easily be observed or guessed by someone else. In most cases, there is no maximum length for your password. Of course, you will not want to make it too long to remember nor too tedious to type.

7. What kinds of things are dangerous to use in my password?

You should never use any words in your password that can be easily guessed. This includes personal information, such as variations of your name, birthdates, names of relatives, or hobbies. You might be surprised at how easily such information can be obtained by interested parties.

8. Why can't I just re-use the same password?

University information security requirements forbid the re-use of an existing password. You must choose a new password when changing your password.

9. I have several passwords. Is it a good idea to use the same password everywhere?

No, because if someone obtains your password they will have access to everything. If you feel that your password is relatively strong and cannot be compromised, it might be okay to use it in several places at the same site, for example, UNF.

However, you should never use the same password between two different sites. For example, if you subscribe to an Online Service, your password there should be different from your password at UNF.

10. Does the case (uppercase/lowercase) matter?

To be safe, you should always assume that case is significant for any password that you are using.

11. Is it okay to share my password with my co-workers?

You should never share your password with anyone, not even your s upervisors. Your account and associated privileges have been assigned for your use only. If another user requires access or additional privileges, Information Technology Services (ITS) will grant access to that user once properly authorized.

For further information, contact :
University of North Florida
Department of Information Technology Services (ITS)
4567 St Johns Bluff Road
Jacksonville, FL 32224-2645

(904) 620-HELP

ITS Help Desk@unf.edu

Issued By L. Taylor

Date Issued 7/8/97

Effective Date 7/8/97

Revised By J. Durfee

Revision Number 3

Revision Date 3/18/2005

Click on the link to go: