Password Policy

1.0 Overview

Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password can result in the compromise of Agnes Scott's entire campus network. As such, all Agnes Scott College faculty, staff, students, contractors and vendors with access to Agnes Scott College systems are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

2.0 Purpose

The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.

3.0 Policy

3.1 General

The following password creation guidelines are based upon experience and common sense. The software used to change passwords will screen for most of these guidelines as an aid in creating secure passwords.

Passwords will expire every 120 days. The system will notify a user upon login that their password is about to expire and give them the option to change it at that time.

The system will keep a history of the past six (6) used passwords by user and will not allow the user to reuse a previously used password.

Password resets for forgotten passwords can be done by the Help Desk, the owner of the account must come to the ITS Help Desk in Walters Hall, with a valid student or employee ID to have the account password reset.

3.2 Guidelines

A. General Password Construction Requirements

In general, a password should be as long as possible while still being easy-to-remember. The following password requirements have been established for constructing new passwords:

All network passwords must be a minimum of eight characters in length.

All network passwords cannot contain your user account name or parts or your full name.

Network passwords must contain characters from three of the following four categories:

English uppercase characters (A through Z)

English lowercase characters (a through z)

English lowercase characters (a through z)

Base 10 digits (0 through 9)

Non-alphabetic characters (for example, !, $, #, %)

B. Password Protection Standards

The following password protection standards have been established to maintain the security benefits associated with the password change policy.

Do not use the same password for Agnes Scott College accounts as for other non -Agnes Scott College access (e.g., personal ISP account, option trading, benefits, etc.).

Don't use the same password for various Agnes Scott College access needs.

Do not share Agnes Scott College passwords with anyone.

All passwords are to be treated as sensitive, confidential Agnes Scott College information.

Never reveal your password in an email message, even if asked. If someone demands your password, refer them to this document or the ITS Help Desk.

4.0 Enforcement

Any employee found to have violated this policy may be subject to disciplinary action.

Policy No.  585  Issued  7/22/2009