Password Security Update
Because of the increase in security awareness everywhere it has been determined that Valencia faculty, staff and students are required to change their network password every 180 days. There is a certain complexity to the password that you pick to make sure it is a secure password and not easily guessed by others. Here is what will be required:
- All passwords are required to meet the “strong password” definition.
- Passwords must be at least eight characters in length.
- Passwords must consist of a combination of three (3) of the following four (4) categories: Upper case letters, Lower case letters, Numerals and special characters.
- Passwords cannot contain a dictionary word.
- Passwords cannot contain all or part of your user id.
- Passwords cannot match any of your ten previous passwords.
This will only be required every 180 days (6 months). You will start to get warnings prompting you to change your password 14 days before it is due and each day until it does expire. If you do not change the password before it expires then you will be forced to change it before logging in. Should you need assistance please contact the Helpdesk for assistance at x5555 or by email at OITServiceDesk@valenciacollge.edu.
Password Procedure
PROCEDURE STATEMENT
This procedure establishes a standard for creation of strong passwords and protection of those passwords within the Microsoft Active Directory/Exchange email system. This procedure applies to all persons who have, or are responsible for, an account on any system accessed on the Valencia College network or computer systems.
DEFINITIONS
Expiration: Date at which password for access to College systems is required to be changed meeting strong password standards.
PROCEDURES and RESPONSIBILITIES
Users are responsible for assisting in the protection of the network and computer systems they use. The integrity and secrecy of an individual's password is a key element of that responsibility. Each individual has the responsibility for creating and securing an acceptable password per this procedure. Failure to conform to these restrictions may lead to the suspension of rights to College systems or other action as provided by College Policy, State or Federal law.
Password Creation Rules:
Passwords are initially assigned when a new account is created. Upon initial logon users have the right and the ability to change passwords on their Active Directory/Exchange accounts at any time. Users will be prompted to change their password the first time.
- All passwords are required to meet the “strong password” definition.
- Passwords must be at least eight characters in length.
- Passwords must consist of a combination of three (3) of the following four (4) categories: Upper case letters, Lower case letters, Numerals and special characters.
- Passwords cannot contain a dictionary word.
- Passwords cannot contain all or part of your user id.
- Passwords cannot match any of your ten previous passwords.
Password Expiration:
Passwords will expire on a 180-day cycle (6 months). Advance warnings of upcoming password expiration will be sent to the designated account holder via campus e-mail beginning 30 days prior to expiration, with repeated reminders several times thereafter until the expiration date.
Any account holder may change his or her password at any time through the forgot password link (an online password reset utility). It is not necessary to wait for expiration.
Passwords should be changed immediately and the Office of Information Technology notified whenever there is a belief that the password has been compromised.
Desktop/Laptop Password Security
All Desktops and Laptops must have a password enabled screensaver and timeout set to no more than 5 minutes.
NOTE: Password changes will also affect Smartphone’s and PDA’s that check Outlook emails. User will need to change this manually.