1.0 Overview

Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of Clarkson's entire network. As such, all Clarkson faculty, staff, and students (including contractors and vendors with access to Clarkson systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords. 

2.0 Purpose

The purpose of this policy is to establish a standard for the creation of strong passwords, the protection of those passwords, and the frequency of change.

3.0 Scope

The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any Clarkson facility, has access to the Clarkson network, or stores any non-public Clarkson information.

4.0 Policy

All student, faculty and staff passwords must follow the requirements below:

    • Must contain at least 8 characters
    • Must contain a mix of upper-case, lower-case, and numbers/symbols
    • Must be different from the most-recent password (1 password history retained)
    • Must not be shared with any other user
    • Should not contain a word in any language, slang, dialect, jargon, etc.
    • Should not contain a sequence, forwards or backwards (e.g., 1234, abcd)
    • Encouraged to be changed every 365 days (1 year)
    • Must be changed when directed by the CIO or IT Directors 

All system-level/administrator passwords must follow all requirements for student, faculty and staff passwords, plus the requirements below:

    • Must contain at least 16 characters
    • Must be changed every 365 days (1 year)
    • Must be different from the 20 most-recent passwords (20 password histories retained)
    • Must be changed following the departure of a system administrator

Passwords must not be inserted into external email messages or other forms of external electronic communication.

5.0 Enforcement

6.0 Definitions