Password Controls
User passwords are the very first line
of defense against unwanted intrusions on computers and networked data systems.
Password protection is used on the corporate network, to ensure that only
authorized users can access it or any desktop systems of the Company.
Currently, the following password criteria must be met:
- All passwords must be at least six
characters in length.
- Passwords must be changed every 90
days. An employee may elect to change their password at
any time; each time a password is changed, a new 90-day expiration period
goes into effect. If a password is not changed within 90
days, the user will be locked out of the network, and will be unable to log
in until the password is manually reset by an administrator.
- Secure passwords protect the
integrity of each network users’ personal data, access to their email
account, and to their network storage location, the U:-drive. Each
user should guard their password carefully, and never share it with
any other person. Fourteen days before a user's password will
expire, he/she will get a notice when they log in that their
password will "expire in XX days". The notice will
appear each time they log into the network, until they have changed their
password. It will ask them if they want to change it at that
time, and they can change it then. Otherwise they can choose to
wait until a later time. Each day that passes and the password is
not changed, the time to expiration will be decremented by one day. If
the countdown expires and the user has not changed their password yet, they
will no longer be able to log in, until their password is reset
manually by an administrator. If this ever becomes necessary, the
user will be given a temporary password, and they will be required to
change it again after they first log in with the temporary one.
- When choosing a password, avoid
selecting common words found in the dictionary.
- Do not use any part of your name or
userid.
- Passwords cannot be repeated.
- Do not write down your password and
leave it in a conspicuous location, such as taped to your monitor or
cabinet, or underneath your mousepad. If you choose to
write a new password down until you get familiar with it, place that piece
of paper in your wallet or purse so it is always with you, and difficult for
others to access.
- Never include your password in email
messages, which are very insecure. Networks can be
“sniffed” and passwords can be easily readable in email; they travel to
their destination unencrypted.
|