Office of Technology

Password Policy

Overview

Passwords are an important component of information and network security. Computer and network security has emerged as the predominant challenge for the information age. The use of a username and password combination serves to identify and authenticate a user to system resources and information assets. It is only through authenticated access that the University can be assured that systems and data are being used appropriately. Lewis University assigns a unique, unchangeable username to every user, but the password is user controlled. As such, passwords must be constructed, used and protected appropriately to ensure that the level of security they imply is actually met.

Purpose

This policy describes Lewis University's requirements for password resets and acceptable password selection and maintenance. Its purpose is to reduce overall risk to the institution by helping computer users reasonably avoid security and privacy risks that result from the use of default and weak passwords.

Scope

This policy applies to all users of Lewis University-owned and maintained systems and Lewis University-provided IT services and resources. This includes, but is not limited to Lewis University faculty, staff and students. Resetting your network password will change your active directory authenticated passwords including passwords for network, E-Mail, Blackboard, Campus Anyware(Online Records), and myCampus Portal.

New User Default Passwords

  • New user passwords will include the following:
    • Lu*
    • Date of Birth (mmddyyyy format)
    • Lewis University ID #

      • For example = Lu*02291996234567890 for a user whose birthday is February 29, 1996 and whose Lewis ID# is 234567890
  • On first use, new users are strongly encouraged to change the default password to another "medium complexity" password.
    • Must be at least 8 characters in length.
    • Must contain at least one Upper Case Letter.
    • Must contain at least one Lower Case Letter.
    • Must contain at least one Number.
    • Must contain at least one Special Character.
    • Cannot include your First Name, Last Name, or username.

Password Protection Guidelines

  1. Upon receiving a new password, immediately change it from the default to something of your choice.
  2. Periodically change your password even if you are not prompted to do so.
  3. Never share your password with others.
  4. Do not allow others to log in to a computer using your Lewis University credentials.
  5. It is preferable that you do not write down your password. If you do, keep it in a secure, out-of-sight location.
  6. Never send a password through email.
  7. Never include a password in a non-encrypted stored document.
  8. Never reveal your password over the telephone.
  9. Never hint at the format of your password.
  10. Never reveal or hint at your password on a form on the internet.
  11. Never use the "Remember Password" feature of application programs.
  12. Never use your network/email password on an account over the internet which does not have a secure login. A secure login web browser address starts with https:// rather than http://.
  13. Report any suspicion of your password being stolen to the Office of Technology department.
  14. Do not use common acronyms as part of your password.
  15. Do not use common words, dictionary words or reverse spelling of words in part of your password.
  16. Do not use names of people or places as part of your password.
  17. Do not use part of your username in your password.
  18. Do not use parts of numbers easily remembered such as phone numbers, social security numbers, street addresses or zip codes
  19. Be careful about letting others see you type your password.