I. OBJECTIVE & PURPOSE
To define guidelines for password use and maintenance for the users of University of North Florida computing systems.
II. STATEMENT OF POLICY
If you are granted access to University computer resources, you have a responsibility to protect those resources from unauthorized or malicious use. Passwords are commonly employed to help you meet this responsibility, maintain the privacy of your files, and protect the integrity of your username. However, if someone else learns your password, your access and reputation are no longer protected and your password must be changed immediately. The following standards apply to all systems used by UNF, including 3rd party hosted systems. Exemptions to policy must be endorsed by the Chief Information Security Officer (CISO) or their designee.
Select your password carefully. A poorly chosen password is easily guessed or observed, allowing full access to an intruder under your name. Due to advances in computing power and increases in the effectiveness of password crackers, longer passwords are significantly more secure. For this reason, you are required to use a 15 character or longer password. To make it easier to remember a long password, use a nonsensical sentence or phrase.
All default passwords are to be changed immediately to a unique password that complies with the 15 character or longer requirement.
All UNF passwords shall expire every 365 days and have password history enforced. Do not repeatedly use the same password or set of passwords as this defeats the purpose of the change.
Never share your password with anyone. Your password is intended to give you an exclusive set of access privileges. It is also used to uniquely identify you and any actions you might take while using University resources. You are liable for any abuse, misuse, or unauthorized access that occurs under your username and password.
Never discuss or disclose your password to anyone. Information Technology Services (ITS) staff members will *never* ask you for your password. If asked for your password, do not provide it, and report the event to IT Security.
Never write down or post your password. Do not attach your password to a computer, monitor, keyboard, or desk with a note or tape. If you cannot remember your password, practice your password in private, or select one which is easier to remember.
If you have any reason to believe your password has been obtained by someone else, you should change your password immediately. If you are unable to change the password, contact ITS for assistance.