Purpose
The Office of Information Technology has the responsibility for ensuring the security of the network and the data that is stored therein. As such, a standard for the creation and alteration of passwords exists in order to protect the safety and security of individuals accounts and college data.
This policy will help ensure that all user accounts are secured, and data is protected within the confines of Cedar Crest College’s FalconNet network. This policy governs all accounts, data and systems that require a FalconNet username and password to access. This policy is in compliance with the NIST 2017 Password standards.
Policy Statement
- All passwords must comply with the following requirements:
- Minimum length should be at least 10 characters
- Must contain both UPPER and lowercase characters.
- Must include at least 1 number. "1"
- Must include at least 1 special (!@#$) character.
- Cannot include your username or given name.
- Must not contain 5 consecutive characters from your old password
- cannot reuse any of the previous 3 passwords
- Passwords must be changed once per 365-day cycle (per year).
- Users on Windows-based computers will receive a notification from the system when they login at least 7 days before their passwords expire. The ability to change your password will be available at notification, or by hitting CTRL-ALT-DEL and selecting CHANGE PASSWORD. Other systems are incapable of this alert.
- All users should setup password reset and recovery within FalconLink. Password recovery allows you to set up a secondary notification mechanism that will be used to recover your account if you forget your password. Users unable to register, or reset their password via the automated system should contact the Help Desk for assistance.
- Good Password Practices:
- Do not write down your password.
- Do not use the same password that you use on other websites.
- Do not share your password with others for any reason at any time (in e-mail, phone or message).
Remember: your FalconNet password gives others access to your e-mail and network related resources, as well as a number of cloud-based systems tied to the college. It should be protected as sensitive information that allows access to private and potentially FERPA protected information.
This policy exists in conjunction with the Acceptable Use Policy.