Office of Technology

Password Policy

Overview

Passwords are an important component of information and network security. Computer and network security has emerged as the predominant challenge for the information age. The use of a username and password combination serves to identify and authenticate a user to system resources and information assets. It is only through authenticated access that the University can be assured that systems and data are being used appropriately. Lewis University assigns a unique, unchangeable username to every user, but the password is user controlled. As such, passwords must be constructed, used and protected appropriately to ensure that the level of security they imply is actually met.

Purpose

This policy describes Lewis University's requirements for password resets and acceptable password selection and maintenance. Its purpose is to reduce overall risk to the institution by helping computer users reasonably avoid security and privacy risks that result from the use of default and weak passwords.

Scope

This policy applies to all users of Lewis University-owned and maintained systems and Lewis University-provided IT services and resources. This includes, but is not limited to, Lewis University faculty, staff and students. Resetting your network password will change your Active Directory-authenticated passwords, including passwords for network, E-Mail, Blackboard and myLewis Portal.

New User Default Passwords

As a new member of the Lewis University community, you will receive information on how to access university resources for the first time with an assigned username and default password. After establishing your unique password per the password complexity guidelines below, you will be prompted to change your password every 180 days from the date your unique password was established, or from the date it was most recently reset. You will receive a message 14 days before your password expiration date reminding you to change your password before it expires.

You can reset your own password, if forgotten, by registering and establishing your own unique responses to security questions at https://lewisu.okta.com/. Please note that you must first log in to this self-service password reset tool successfully and establish your security question responses before you can use it to reset a forgotten password.

If you need assistance with your password or accessing university resources, please call the Service Desk at (815) 836-5950. Additional information will be requested to verify identification.

Establishing Sufficient Password Complexity

  • On first use, new users are strongly encouraged to change the default password to another "medium complexity" password.
  • Must be at least 8 characters in length.
  • Must contain at least one Upper Case Letter.
  • Must contain at least one Lower Case Letter.
  • Must contain at least one Number.
  • Must contain at least one Special Character.
  • Cannot include your First Name, Last Name, or username.

Password Protection Guidelines

  1. Upon receiving a new password, immediately change it to something of your choice given the password complexity recommendations provided above.
  2. Periodically change your password sooner than the 180-day requirement.
  3. Never share your password with others.
  4. Do not allow others to log in to a computer using your Lewis University credentials.
  5. Always log off from a public-use computer such as in a computer lab.
  6. It is preferable that you do not write down your password. If you do, keep it in a secure, out-of-sight location.
  7. Never send a password through email.
  8. Never include a password in a non-encrypted stored document.
  9. Never reveal your password over the telephone.
  10. Never hint at the format of your password.
  11. Never reveal or hint at your password on a form on the internet.
  12. Never use the "Remember Password" feature of application programs or web browsers.
  13. Never use your network/email password on an account over the internet which does not have a secure login. A secure login web browser address starts with https:// rather than http://.
  14. Report any suspicion of your password being stolen to the Office of Technology department.
  15. Do not use common acronyms as part of your password.
  16. Do not use common words, dictionary words or reverse spelling of words as part of your password.
  17. Do not use names of people or places as part of your password.
  18. Do not use part of your username in your password.
  19. Do not use parts of numbers easily remembered such as phone numbers, social security numbers, street addresses or zip codes.
  20. Keep others from viewing your computer screen when typing your password.