Purpose:
To ensure the integrity of WSU network resources from unauthorized access.
Statement:
In order to comply with state and federal guidelines (FERPA, HIPPA, and many more), Worcester State University has established a password expiration policy for the campus' network and system resources.
Description:
Users will be asked to reset their passwords every 90 days since their last password change. The advantage of timed expiration is that the password clock starts over each time a user changes his or her password.
HR will inform IT (via Helpdesk) of Employee Terminations/Job Actions/Resignations , immediately as information becomes available, and accounts will be disabled/removed as appropriate.
Users deemed to be 'secure financial/data users' must use complex password creation based on current best practice strategies available.
Additional Information:
- The timed expiration policy will apply to both WSU network passwords (which are used to login to computers, access email, the Community System, VPN, etc.) and Colleague. After 8 failed attempts (4 on Community System/Blackboard) at logging in with a password, user will need to wait 30 minutes before reattempting login.
- When a user's password expires, he/she will see a simple dialogue box when attempting to login to a system. This dialogue box enables the user to quickly change his/her password.
- Users can change their passwords at anytime by visiting the password reset application, which is available on the Community System's initial login page. Exception: Colleague passwords can be changed using the XPWD screen -Expired Colleague passwords require a call to the HelpDesk for manual reset.
- Effective Policy Change: (ACL) accounts: March 1, 2008. FacStaff accounts: February 15, 2008.
- Note: Strong password requirement implemented November 17, 2008 for all users of WSU resources.
Approved By: Managers & CIO
Date of Origination: 2.1.2008
Revised: 3.6.2012
|
Last modified at 3/6/2012 4:41 PM by Ramsdell, Nancy
|
|