FalconNet Password Policy

Purpose

The Office of Information Technology has the responsibility for ensuring the security of the network and the data that is stored therein.  As such, a standard for the creation and alteration of passwords exists in order to protect the safety and security of individuals accounts and college data.

This policy will help ensure that all user accounts are secured, and data is protected within the confines of Cedar Crest College’s FalconNet network.  This policy governs all accounts, data and systems that require a FalconNet username and password to access.  This policy is in compliance with the NIST 2017 Password standards.

Policy Statement

  1. All passwords must comply with the following requirements:
    • Minimum length should be at least 10 characters
    • Must contain both UPPER and lowercase characters.
    • Must include at least 1 number. "1"
    • Must include at least 1 special (!@#$) character.
    • Cannot include your username or given name.
    • Must not contain 5 consecutive characters from your old password
    • cannot reuse any of the previous 3 passwords
       
  2. Passwords must be changed once per 365-day cycle (per year).
     
  3. Users on Windows-based computers will receive a notification from the system when they login at least 7 days before their passwords expire. The ability to change your password will be available at notification, or by hitting CTRL-ALT-DEL and selecting CHANGE PASSWORD. Other systems are incapable of this alert.
     
  4. All users should register for the password reset system at http://password.cedarcrest.edu. Users unable to register, or reset their password via the automated system should contact the Help Desk for assistance.
     
  5. Good Password Practices:
    • Do not write down your password.
    • Do not use the same password that you use on other websites.
    • Do not share your password with others for any reason at any time (in e-mail, phone or message).

Remember: your FalconNet password gives others access to your e-mail and network related resources, as well as a number of cloud-based systems tied to the college. It should be protected as sensitive information that allows access to private and potentially FERPA protected information.

This policy exists in conjunction with the Acceptable Use Policy.

Details

Article ID: 56091
Created
Mon 6/18/18 3:00 PM
Modified
Wed 8/29/18 1:35 PM