Case has a new Password Policy (in Final version 10/16/08) which requires robust passwords and reasonable password age requirements for users accessing and/or managing Tier II and Tier III information systems. This guide summarizes the implementation of the Password Policy by Case IT Services.
Faculty, Staff and Students
All Faculty, Staff, and Students who access IT systems with Tier II information are required to have complex password credentials which are changed at a minimum on an annual basis. Examples of Tier II information systems are the Student Information System (SIS) and the Human Capital Management System (HCM). In effect, all of the IT-using population at Case is using these systems.
Password complexity (also known as entropy) was implemented in the Fall of 2005.
- complex passwords have eight or more characters;
- complex passwords include at least three of the following four categories:
  - uppercase letters
  - lowercase letters
  - numerals
  - punctuation; and,
- complex passwords shall NOT be dictionary words (details).
- a general rule of thumb is to use a passphrase, not a password. One way to create a strong password is to think of a memorable phrase and use the first letter of each word as your password, converting some letters into numbers that resemble letters. For example, "How much wood could a woodchuck chuck, about two pounds" would become "HmWc@wC?b##"
Maximum password age of 365 days will be implemented during the Fall 2008 semester.
By February 12, 2009, no user accounts will have a password age beyond the maximum.
Some staff access Tier III systems, so their max password ages will be 180 days.
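The complexity and age rules above can be expressed as a short check. This is an added example, not the IT Services tool or code from Case; the tier keys, the sample word list and the way padded dictionary words are handled are assumptions made for illustration.

```python
import string
from datetime import date

MIN_LENGTH = 8          # "eight or more characters"
MIN_CATEGORIES = 3      # "at least three of the following four categories"
MAX_AGE_DAYS = {"tier2": 365, "tier3": 180}  # tier keys are hypothetical names

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "woodchuck", "cleveland", "baseball"}

CATEGORY_SETS = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "numerals": string.digits,
    "punctuation": string.punctuation,
}

def categories(password):
    """Return which of the four character categories appear in the password."""
    return {name for name, chars in CATEGORY_SETS.items()
            if any(ch in chars for ch in password)}

def complexity_problems(password, dictionary=SAMPLE_DICTIONARY):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if len(categories(password)) < MIN_CATEGORIES:
        problems.append("fewer than 3 of 4 character categories")
    # Assumption: a word padded with leading or trailing digits/punctuation
    # still counts as a dictionary word; the policy text does not define the test.
    core = password.strip(string.digits + string.punctuation).lower()
    if core in dictionary:
        problems.append("dictionary word")
    return problems

def days_until_expiry(last_changed, tier, today):
    """Days left before the maximum age is exceeded; negative means overdue."""
    return MAX_AGE_DAYS[tier] - (today - last_changed).days

if __name__ == "__main__":
    print(complexity_problems("HmWc@wC?b##"))   # the passphrase example above
    print(complexity_problems("Woodchuck1!"))
    print(days_until_expiry(date(2008, 8, 1), "tier3", date(2009, 2, 12)))
```

The passphrase from the example above passes with three of the four categories (it contains no numerals), while a padded dictionary word fails even though it uses all four.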
To check your password age and complexity, use this IT Services tool: Password Verification Page
ITS has created a Password Change Checklist to assist users with planning changes for more complex computing environments.
If you are ready to change your password, use this IT Services tool: Password Change
Alumni
Accounts for Alumni only (not a staff or faculty member who is also an Alum) provide access to Tier I information systems only. Please click here for more information.
Affiliates
Users with affiliate accounts are to follow the convention for their sponsors (typically the annual requirement). If sponsored by a department that has the 180 day age limit, the same applies. Students, faculty, and staff from affiliate institutions are managed the same as Case personnel.
Password Management: The Information Security Office recommends that Case users download and run PasswordSafe, a password management utility. Guides can be found on the Case Wiki and at SecurityAware.case.edu.
Questions or problems?
Please call the Help Desk at 216.368.HELP (216.368.4357)