.
 

IT Policies & Procedures

 

banner pushpins

     

Passwords on Computing Systems Managed by ITS

 

DIVISION: Administration and Finance

 

DEPARTMENT: Information Technology Services

 

SUBJECT: Passwords on Computing Systems Managed by Information Technology Services (ITS)

 

OBJECTIVE & PURPOSE:

To define guidelines for password use and maintenance for the users of computing systems managed by Information Technology Services (ITS) .

 

AUTHORITY:

None. This document is published as a supplement to the policy entitled Network Acceptable Use Policy and is for informational purposes only. It does not supersede or modify existing University policies and regulations.

 

OVERVIEW:

If you have been granted access to university computer resources, you have a responsibility to protect those resources from unauthorized or malicious use. Passwords are commonly employed to help you meet this responsibility, maintain the privacy of your files, and protect the integrity of your user name. However, if someone else learns your password, your access and reputation are no longer protected. Because of this, it is very important that you follow several guidelines to prevent other users from obtaining and using your password.

 

GUIDELINES:  

Select your password carefully. A poorly chosen password is easily guessed or observed, allowing full access to an intruder under your name. Due to advances in computing power and increases in the effectiveness of password crackers, longer passwords are significantly more secure. For this reason, you are required to use a 15-character or longer password. To make it easier to remember a long password, use a nonsensical sentence or phrase.

 

Keep in mind that Internet Native Banner (INB) does not accept leading numeric or special characters or passwords longer than 30 characters. If you use INB, ensure that you choose a password that begins with a letter, does not contain special characters, and is between 15 and 30 characters in length.

 

UNF passwords expire every 180 days. Do not repeatedly use the same password or set of passwords as this defeats the purpose of the change.

 

Never share your password with anyone. Your password is intended to give you an exclusive set of access privileges. It is also used to uniquely identify you and any actions you might take while using university resources. You can be held liable for any abuse, misuse, or unauthorized access that occurs under your name and password. It is your reputation that is on the line.

 

Never discuss or disclose your password to anyone. Information Technology Services (ITS) staff members will never ask you for your password, nor give out a password without proper identification. If asked for your password, do not provide it.

 

Never write down or post your password. Do not attach your password to a terminal, keyboard, or desk with a note or tape. If you cannot remember your password, practice your password in private, or select one which is easier to remember.

 

If you have any reason to believe your password has been obtained by someone else, you should change your password immediately. If you are unable to change the password, contact Information Technology Services (ITS) for assistance.

 

PROCEDURE:

An initial password is assigned when your account is first created. The initial password varies depending on the system or application. This initial password will be given to you in the form of printed directions, or in person by an Information Technology Services (ITS) staff member.

You may change your password at any time. You should follow the steps appropriate to the application or system you are using. Directions for Windows NT and UNIX users are given in the FAQ below. Please contact Information Technology Services (ITS) if you need additional assistance.

 

If you need to have your password reset, you should contact Information Technology Services (ITS) . You will need to establish your identity before any password requests will be honored.

 

FREQUENTLY ASKED QUESTIONS (FAQ):

1. I can't log in with my password. What should I do?
You should make sure you are using the correct password for the system or application that you are trying to access.
You should make sure that you are using the correct case (uppercase or lowercase) for each letter of your password. If your password contains numbers, you should ensure that your num-lock key is turned on. If none of this works, you will probably need to have your password reset. See the next question.
2. I forgot my password. What should I do? 
            Using Internet Explorer or Safari, go to myWings (UNF's portal) and click on the "Login Help" link located below the login area. Answer the appropriate questions to choose a new password.
3. My account is disabled. Why, and what should I do?
In accordance with University information security requirements, your account may be automatically disabled after too many unsuccessful login attempts, or if you do not log in over an extended period of time.
You will need to visit Information Technology Services (ITS) and prove your legal identity to have your account re-enabled.
4. How do I change my password?

If you are a faculty or staff member and are at your UNF-owned computer logged into UNF's network, you can press the <Crtl> and <Alt> and <Delete> keys simultaneously. Then choose "Change Password". Type in your old password and then type in your new password twice.

 

If you are a student or faculty or staff member not logged onto their UNF-owned computer, go to myWings (UNF's portal) and click on the "Login Help" link located below the login area. Answer the appropriate questions to change your password.   


If you encounter problems, or require further assistance, please contact Information Technology Services (ITS) (620-HELP).

5. How long should I make my new password?
Your password must be at least 15 characters, but no greater than 30 characters, in length. It must start with a letter and be followed by any combination of letters and numbers. It may include underscores, but it may not include any other special characters. 
6. What kinds of things are dangerous to use in my password?
You should never use any words in your password that can be easily guessed. This includes personal information, such as variations of your name, birthdates, names of relatives, or hobbies. You might be surprised at how easily such information can be obtained by interested parties.
7. Why can't I just re-use the same password?
University information security requirements forbid the re-use of an existing password. You must choose a new password when changing your password.
8. I have several passwords. Is it a good idea to use the same password everywhere?
No, because if someone obtains your password they will have access to everything. If you feel that your password is relatively strong and cannot be compromised, it might be okay to use it in several places at the same site, for example, UNF.
However, you should never use the same password between two different sites. For example, if you subscribe to an Online Service, your password there should be different from your password at UNF.
9. Does the case (uppercase/lowercase) matter?
To be safe, you should always assume that case is significant for any password that you are using.
10. Is it okay to share my password with my co-workers?
You should never share your password with anyone, not even your supervisors. Your account and associated privileges have been assigned for your use only. If another user requires access or additional privileges, Information Technology Services (ITS) will grant access to that user once properly authorized.

For further information, contact:
University of North Florida
Department of Information Technology Services (ITS) 
1 UNF Drive  
Jacksonville, FL 32224-2645

(904) 620-HELP

helpdesk@unf.edu

Issued
By


L. Taylor
Date
Issued


07/08/1997
Effective
Date


07/08/1997
Revised
By


J. Durfee
Revision
Number


3
Revision
Date


3/18/2005
Procedure