Modified on: Wed, July 24, 2024
Curry College Password Policy
Passwords are an important aspect of account and data access security. A poorly chosen password may result in unauthorized access and/or exploitation of Curry's resources. All users, including contractors and vendors with access to Curry’s systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
This policy establishes a standard for creation of strong passwords, their protection, and the frequency of change. The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any Curry College facility, use or otherwise access or interact with the Curry College network or any Curry College technology information resource.
-
Any and all passwords, including initial passwords, must meet the following requirements when technically feasible:
-
must have a minimum length of 14 characters
-
must contain a mixture of both upper and lower-case characters
-
must include at least one (1) number and one (1) special character.
-
must be changed at least every 120 days
-
must lock a User Account after ten (10) invalid login attempts, and will require an authorized administrator to unlock the account
-
must be forced to be changed upon first use
-
must keep history for at least two (2) previous passwords
-
Passwords must be encrypted during transmission and storage including automation, scripting, and password remembering features.
-
A screensaver or a power timeout shall be configured for no greater than 30 minutes of idle activity to the extent technically feasible, and such timeout shall require password re-enter.
-
Always use different passwords for Curry College accounts from other Non-curry College access
-
Default passwords must be changed prior to system use.
-
User account passwords must not be shared with anyone.
-
Computing devices must not be left unattended without enabling a password-protected screensaver or logging off the device.
-
must not be anything that can be easily tied back to the account owner such as: username, social security number, nickname, relative’s names, birth date, etc
If the User suspects or has reason to know that the security of a password may be compromised, the password must be changed immediately. Users should immediately report the discovery to the Curry College ITS Help Desk at 617-333-2911.