Password Integrity Guidelines
Passwords are access keys, help to prove you are who you say you are, and help to ensure your privacy. Compromised passwords provide access to systems for unauthorized personnel. For that reason, the State University of New York at Fredonia computer users are encouraged to create and use strong passwords in accordance with the following password integrity guidelines:
- Initial password is randomly generated and displayed for each user in the secured "Your Connection" web interface. This interface is secured with a PIN that is specific to each new user.
- Your Connection PIN change is forced after initial login. User may change initial password if desired following the guidelines below.
- Use at least eight characters whenever possible.
- NOT ALLOWED to use any portion of user's first name, last name, or userid.
- A mixture of three of the following is required: English uppercase characters, English lowercase characters, base 10 digits (0-9), non-alphanumeric characters (!,$,#,%).
- Make password easy to remember but difficult for someone to guess. Do not reveal yourself in developing a password (don't use social security number, birth date for yourself or a significant individual in your life, address or telephone number). Using a "pass phrase" is a good way to develop a password. This example of using the pass phrase "Do you know the way to San Jose?" to develop the password D!Y!KtwTSJ? comes from the Duke University guidelines.
- Never share your password (this includes system administrators, account managers, and friends). Never provide access to systems for other individuals using your logon identity.
- Never write your password down.
- Change your password if you have shared it with anyone else or if you wrote it anywhere. It is also advisable to change the password if you logged into the Fredonia system from a remote location without using an encrypted login program.
- Password aging is the act of changing a password on a regular basis and is required for users logging into the Campus Information System (CIS) forms or Dec Alpha hardware due to the confidential nature of data stored in this system. (As recommended by the Banner Steering Committee following review of state audit guidelines.) Password aging is recommended but not forced for all other access to Fredonia electronic resources.