Password and PIN Security Policy

Purpose:

The purpose of this policy is to establish secure guidelines for password and PIN administration.

Statement:

Passwords and PINs must be properly structured, routinely changed, and kept strictly confidential.

Description:

  • Each individual user must keep their passwords and PINs for all accounts secret. At no time are user IDs, passwords, or PINs to be shared with others.
  • Passwords will not be displayed on screens as they are entered.
  • Passwords and PINs must be changed whenever there is any indication of possible system or password compromise.
  • Passwords and PINs must be encrypted when held in storage for any significant period of time or when transmitted across the network.
  • Passwords and PINs must never be embedded in sign-on utilities; users must never be able to authenticate at sign-on by using a function key or running an available program.
  • Passwords and PINs must have a minimum length of 8 characters, including at least one uppercase letter, one lowercase letter and one numeric character.
  • Passwords which allow access to the SIS database (Colleague) must contain at least 8 characters of which 2 must be alpha characters and 1 must be numeric; the password cannot be any variation of the user ID.
  • Passwords and PINs must be changed every 90 days.
  • Initial passwords which allow access to our SIS database (Colleague) must be marked as expired, and users must be required to change the password/PIN at the first use.
  • User-chosen passwords and PINs must not be reused for 10 iterations.
  • Guest passwords or PINs issued by the help desk or administrator must be changed on a daily basis.
  • Students may obtain their original usernames and passwords at the IT Help Desk, by visiting the College's website, or by USPS mail. See Password Notification.
  • Students may reset their password by visiting the College's website, or, for computers that are part of the WSC domain, by pressing Control+Alt+Delete and selecting the change password option.
  • Users with access to the SIS database (Colleague) must contact the help desk for a manual password reset; this requires positive identification.
  • A clear-text user ID and associated password must never be delivered in a single message or via the same medium.

Additional Information:

Approved By: Don Vescio

Date of Origination: 5/8/2008

Last modified at 10/19/2010 8:47 AM  by Reardon, Jack