Strong Password Requirements
Strong passwords are an important aspect of computer security. They are
the front line of protection for user accounts. Inadequate userids and
passwords are on the SANS (SysAdmin, Audit, Network, Security) Institute’s
list of Top Ten Security Threats. Additionally, the HIPAA Privacy and
Security regulations require greater password management vigilance to
protect patient information. To mitigate security threats and to comply
with the HIPAA regulations, ISU implemented strong passwords on April
14, 2003. Strong passwords must be constructed in the manner described
below:
- Password length must be a minimum of seven (7) characters.
- Passwords must be changed every 180 days.
- Passwords must contain characters from at least three (3) of the following
four (4) classes:
  - Upper case letters (A, B, C, … Z)
  - Lower case letters (a, b, c, … z)
  - Numbers (0, 1, 2, … 9)
  - Non-alphanumeric (“special characters”) such as punctuation
  symbols
- Passwords must be sufficiently complex so as not to be a common usage
word or a word found in the English dictionary.
- Passwords may not contain your user name or any part of your full
name.
- Password history is kept to prevent the reuse of the last six (6)
passwords.
- Five (5) invalid attempts to enter a userid and password will result
in an account lockout for 30 minutes.
- Contact the ISU Helpdesk at 502-1919 for assistance if an expedited
account unlock is necessary.
- Passwords will be audited periodically for compliance by using automated
password-cracker software.
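
The construction rules above expressed as a checker, added here as an example and not ISU's own code. The function names, the constructed word list, the 3-character threshold for a "part" of a name, and the salted PBKDF2 history format are assumptions.

```python
import hashlib
import hmac
import re

MIN_LENGTH = 7      # minimum length from the policy
MIN_CLASSES = 3     # at least three of the four classes below
HISTORY_DEPTH = 6   # the last six passwords may not be reused
CLASSES = {
    "upper": r"[A-Z]",
    "lower": r"[a-z]",
    "digit": r"[0-9]",
    "special": r"[^A-Za-z0-9]",
}
# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"password", "summer", "welcome", "dragon"}


def hash_password(password, salt):
    # Assumption: history entries are salted PBKDF2 digests, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def violations(password, username, full_name, history=()):
    """Return the names of the policy rules the candidate password breaks."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("length")
    if sum(bool(re.search(p, password)) for p in CLASSES.values()) < MIN_CLASSES:
        found.append("classes")
    lowered = password.lower()
    # Assumption: a "part" of a name is any token of 3 or more characters.
    tokens = [username] + re.split(r"[\s\-.,']+", full_name)
    if any(len(t) >= 3 and t.lower() in lowered for t in tokens):
        found.append("name")
    # Assumption: strip digits and symbols so "Summer2003!" counts as "summer".
    if re.sub(r"[^a-z]", "", lowered) in WORDS:
        found.append("dictionary")
    # Compare against the most recent HISTORY_DEPTH stored (salt, digest) pairs.
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt), digest):
            found.append("history")
            break
    return found
```

A password such as `Summer2003!` satisfies the length and character-class rules yet is still rejected by the dictionary rule, which is the kind of candidate the periodic cracker audit is meant to catch.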