Regulations & Policies
Information Technology Services
Password Policy |
||
| Number: | 15.0080P |
Policy Status:
New Responsible Division/Department: Office of the CIO/Information Technology Services |
| Effective Date: | 07/08/97 | |
| Revised Date: | ||
I. OBJECTIVE AND PURPOSE OF POLICY
To ensure a more consistent measure of security for UNF’s network and the information it contains. The policy will also serve as a guideline for the creation of passwords, protection of those passwords and maintenance for users of UNF’s computing systems.
II. STATEMENT OF PROCEDURES
The University of North Florida provides a user account and access to applications on the network. Users, including third party hosted systems, will be required to follow the password strategies listed below.
- Select your password carefully. A poorly chosen password is easily guessed or observed, allowing full access to an intruder under your name. Due to advances in computing power and increases in the effectiveness of password crackers, longer passwords are significantly more secure. For this reason, you are required to use a 15 character or longer password. To make it easier to remember a long password, use a nonsensical sentence or phrase.
- All default passwords are to be changed immediately to a unique password that complies with the 15 character or longer requirement.
- UNF account passwords do not have a regular expiration time set. However, a password history shall be enforced. Do not repeatedly use the same password or set of passwords as this defeats the purpose of a password change.
- Never share your password with anyone. Your password is intended to give you an exclusive set of access privileges. It is also used to uniquely identify you and any actions you might take while using University resources. You are liable for any abuse, misuse, or unauthorized access that occurs under your username and password.
- Never discuss or disclose your password to anyone. Information Technology Services (ITS) staff members will *never* ask you for your password. If asked for your password, do not provide it, and report the event to IT Security.
- Never write down or post your password. Do not attach your password to a computer, monitor, keyboard, or desk with a note or tape. If you cannot remember your password, practice your password in private, or select one which is easier to remember.
- If you have any reason to believe your password has been obtained by someone else, you should change your password immediately. If you are unable to change the password, contact ITS for assistance.
Any policy exemptions must be endorsed by the Chief Information Security Officer (CISO) or their designee.