University Policies

Password and PIN Security Policy

University Technology Services
University Technology Services

The purpose of this policy is to establish secure guidelines for password and PIN administration.

Passwords and PINs must be properly structured, routinely changed, and kept strictly confidential.

  • Each individual user must keep their passwords and PINs for all accounts secret. At no time are user IDs, passwords, or PINs to be shared with others.
  • Passwords will not be displayed on screens as they are entered.
  • Passwords and PINS must be changed whenever there is any indication of possible system or password compromise.
  • Passwords and PINs must be encrypted when held in storage for any significant period of time or when transmitted across the network.
  • Passwords and PINs must never be embedded in sign-on utilities; users must never be able to authenticate at sign-on by using a function key or running an available program.
  • Passwords and PINs must have a minimum length of 8 characters, including at least on upper, one lower and one numeric. Note: Passwords which allow access to the SIS database (Colleague) cannot be any variation of the username ID.
  • Passwords and PINs must be changed every 90 days.
  • Initial passwords which allow access to our SIS database (Colleague) must be marked as expired, and users must be required to change the password/PIN at the first use.
  • User-chosen passwords and PINs must not be reused for 10 iterations.
  • Guest logins are available and issued by the help desk or a UTS administrator and be changed on a routine basis.
  • Users may reset their password by visiting the Community System website and using the Reset password option.
  • Users with access to the SIS database (Colleague) must contact the help desk if a manual password reset is required; this requires positive identification.
  • A clear-text user ID and associated password must never be delivered in a single message and/or via the same medium.

Additional Information: See also Password Notification.