FalconNet Password Policy

Purpose

The Office of Information Technology is responsible for ensuring the security of the network and the data stored therein. As such, a standard for the creation and alteration of passwords exists to protect the safety and security of individuals’ accounts and college data.
 

This policy will help ensure that all user accounts are secured and data is protected within Cedar Crest College’s FalconNet network of systems and authentication. This policy governs all accounts, data, and systems that require a FalconNet username and password to access. 

This policy is in compliance with the NIST 2024 authentication and security guidelines.

Policy Statement

1. All passwords must comply with the following requirements:

• Minimum length should be at least 15 characters

• Must contain both UPPER and lowercase characters.

• Must include at least 1 number. "1"

• Must include at least 1 special (!@#$) character.

• Cannot include your username or given name.

• Must not contain 5 consecutive characters from your old password

• Cannot reuse any of the previous 5 passwords
   

2.    Passwords should be changed regularly. However, there is no policy to force a password change.

3.    Users on Windows-based computers will receive notification from their computer when they login at least 7 days before their passwords expire. The ability to change your password will be available at notification, or by hitting CTRL-ALT-DEL and selecting CHANGE PASSWORD. Other systems are incapable of this alert.

4.    All users should setup password reset and recovery within FalconLink.  Password recovery allows you to set up a secondary notification mechanism that will be used to recover your account if you forget your password. Users unable to register or reset their password via the automated system should contact the Help Desk for assistance.  Click here for more information.

5.    Every Cedar Crest College account is secured with MultiFactor Authentication that requires renewing tokens on individual devices every 45 days.
 

5.    Good Password Practices:

• Use a passphrase, not a password, such as: F!yE@glesfLy!

• Do not write down your password.  Use a Digital Locker instead.  IT can provide anyone with a license for Keeper Security Password Manager.  Click here to learn more.

• Do not use the same password that you use anywhere else.

• Do not share your password with others for any reason at any time (in e-mail, phone, or message).  This is a violation of the Acceptable Use Policy (see link below).

Remember: your FalconNet password gives others access to your e-mail and network related resources, as well as a number of cloud-based systems tied to the college. It should be safeguarded as sensitive information that allows access to private and protected information.
 

This policy exists in conjunction with the Acceptable Use Policy.