NWU Computer Account Management Account Password Policy

 Return to policies

Policy title:

NWU Computer Account Management Account Password Policy

Category:
Administration
Human Resources
Information Technology
Owner:
CS/IT
Approved by:
Administrative Council
Purpose of this policy

Individual computer accounts are at the foundation of Nebraska Wesleyan University’s data security and data access control strategy. NWU provides all faculty, staff and students with individual computer accounts. These accounts allow access to a wide variety of computing resources and are used to provide granular control over the access granted to institutional services and data. Account credentials, i.e. username and password, secure user access to these accounts.

This policy provides guidance for assuring that NWU account passwords comply with appropriate security standards.

Application of this policy

This policy applies to all NWU accounts provided to faculty, staff, students, contractors and volunteers and impacts all systems and services requiring authentication via user NWU account credentials.

Exceptions to this policy may be authorized only by the Director of Information Services Infrastructure with the advice and recommendation of the NWU Unix Systems Administrator and the express approval of the Vice President for Finance and Administration.

Policy statement

NWU Account Password Requirements

NWU account passwords must comply with the following structural requirements:

  • Passwords are case sensitive.
  • Minimum password length is 12 characters
  • Maximum password length is 28 characters
  • Passwords must include at least one character from each of these character types:
    • Upper case letters
    • Lower case letters
    • Numerals
  • Passwords MAY contain symbols, but limited to the following six (6)   ! . , / ~ =
  • Other symbols or spaces MAY NOT be included.

In addition, your NWU account password(s) should not contain your NWU username, common dictionary words, common phrases or references (for example, “PrairieWolf” or “GoBigRed”) or use the same character three or more times consecutively.

CSIT will conduct periodic password security audits to test the strength of NWU account passwords and will notify account holders of any passwords determined to be too weak.

NWU Account Password Aging

NWU account passwords may remain in use no longer than 120 days. Seven days prior to the expiration of the 120-day limit, NWU account holders will receive email reminders that their account password must be changed. Reminders will continue until the account password has been changed.

If an account password has not been changed prior to the end of the 120-day period, the user account will be locked and login will be prohibited. The account will be required to reset the account password to regain access to the account.

NWU account password resets and password changes should be performed through links on the CSIT web site at https://csit.nebrwesleyan.edu.

Review

This policy shall be reviewed at least annually or as required to assure consistent application to any new services or resources.

 

Last revised: