Password Policy

Revision Number:

New Policy
Major Revision of Existing Policy
Minor/Technical Revision of Existing Policy
Reaffirmation/Review of Existing Policy

Effective Date:

7/8/1997

Revised Date:

7/17/2020

Review Date:

1/17/2020

Responsible Division/Department:
Office of the CIO / Information Technology Services

I. OBJECTIVE & PURPOSE

To define guidelines for password use and maintenance for the users of University of North Florida computing systems.

II. STATEMENT OF POLICY

If you are granted access to University computer resources, you have a responsibility to protect those resources from unauthorized or malicious use. Passwords are commonly employed to help you meet this responsibility, maintain the privacy of your files, and protect the integrity of your username. However, if someone else learns your password, your access and reputation are no longer protected and your password must be changed immediately. The following standards apply to all systems used by UNF, including 3^rd party hosted systems. Exemptions to policy must be endorsed by the Chief Information Security Officer (CISO) or their designee.

III. Passwords

Select your password carefully. A poorly chosen password is easily guessed or observed, allowing full access to an intruder under your name. Due to advances in computing power and increases in the effectiveness of password crackers, longer passwords are significantly more secure. For this reason, you are required to use a 15 character or longer password. To make it easier to remember a long password, use a nonsensical sentence or phrase.

All default passwords are to be changed immediately to a unique password that complies with the 15 character or longer requirement.

All UNF passwords shall expire every 365 days and have password history enforced. Do not repeatedly use the same password or set of passwords as this defeats the purpose of the change.

Never share your password with anyone. Your password is intended to give you an exclusive set of access privileges. It is also used to uniquely identify you and any actions you might take while using University resources. You are liable for any abuse, misuse, or unauthorized access that occurs under your username and password.

Never discuss or disclose your password to anyone. Information Technology Services (ITS) staff members will *never* ask you for your password. If asked for your password, do not provide it, and report the event to IT Security.

Never write down or post your password. Do not attach your password to a computer, monitor, keyboard, or desk with a note or tape. If you cannot remember your password, practice your password in private, or select one which is easier to remember.

If you have any reason to believe your password has been obtained by someone else, you should change your password immediately. If you are unable to change the password, contact ITS for assistance.