rnd_border

Password Policy

 

Purpose

Passwords are an important aspect of computer security. A poorly chosen password may result in the compromise of Trinity University's entire network. The purpose of having a password policy is to ensure a more consistent measure of security for Trinity's network and the information it contains. The implementation of this policy will better safeguard the personal and confidential information of all individuals and organizations affiliated, associated, or employed by Trinity University. Additionally, this policy establishes a standard for creation of strong passwords, the protection of those passwords, and the frequency of change of passwords.

Scope

The Password Policy applies to all persons accessing the Trinity University network regardless of their capacity, role or function. Such persons include students, faculty, staff, third party contractors, visitors (guests), consultants and employees fulfilling temporary or part-time roles.

Policy

  • All Trinity owned electronic devices must, if possible, have password protection enabled.
  • All passwords (e.g., email, web, voice mail, computer, PDA, BlackBerry, etc.) must be changed at least every 12 months. Individuals with access to critical areas of information will be required to change their T.U. password at least every 90 days. Such users will be identified by the Director of Information Technology Services. For example, employees of Trinity University with "change level access" to the university administrative system(s) will be required to change their passwords every 90 days.
  • Passwords must not be inserted into email messages or other forms of electronic communication and should not be shared with anyone, including via email or phone conversations.
  • Passwords should not be written down or stored electronically without encryption.
  • All passwords must be at least 8 characters long, contain at least 2 numbers or special characters, not be a word in the dictionary, and not be part of your name or user name. If the device or application does not permit a password to meet these criteria, the password should satisfy as many of these criteria as possible.

    • Guidelines and suggestions for creating strong passwords can be found at Guidelines for Good Passwords.


     
    rnd_border