CASE.EDU:    HOME | DIRECTORIES | SEARCH

Case Western Reserve University

Information
Technology
Services

 
 

Password Management Guidelines

Case has a new Password Policy (in Final version 10/16/08) which requires robust passwords and reasonable password age requirements for users accessing and or managing Tier II and Tier III information systems.  This guide summarizes the implementation of the Password Policy by Case IT Services.

Faculty, Staff and Students

All Faculty, Staff, and Students who access IT systems with Tier II information are required to have complex password credentials which are changed at a minimum on an annual basis.   Examples of Tier II information systsems are the Student Information System (SIS) and the Human Capital Management System (HCM).  In effect, all of the IT-using population at Case is using these systems.

Password complexity (also known as entropy) was implemented in the Fall of 2005.

  • complex passsword have eight or more characters;
  • complex include at least three of the following four categories:
    • uppercase letters
    • lowercase letters
    • numerals
    • punctuation; and,
  • complex passwords shall NOT be dictionary words (details).
  • a general rule of thumb is to use a passphrase- not a password- One way to create a strong password is to think of a memorable phrase and use the first letter of each word as your password, converting some letters into numbers that resemble letters. For example, "How much wood could a woodchuck chuck, about two pounds" would become "HmWc@wC?b##"

Maximum password age of 365 days will be implemented during the Fall 2008 semester. 

By February 12,  2009, no user accounts will have a password age beyond the maximum. 

Some staff access Tier III systems, so their max password ages will be 180 days.

To check your password age and complexity, use this  IT Services tool: Password Verifcation Page

ITS has created a Password Change Checklist to assist users with planning changes for more complex computing environments.

If you are ready to change your password, use this IT Services tool:  Password Change

Alumni

Accounts for Alumni only (not a staff or facutly who is also an Alum) provide access to Tier I information systems only.   Please click here for more information.

Affiliates
Users with affilate accounts are to follow the convention for their sponsors (typically the annual requirement).  If sponsored by a department that has the 180 day age limit, the same applies.  Students, faculty, and staff from affiliate insitutions are managed the same as Case personnel.


Password Management:  The Information Security Office recommends Case users to download and run a PasswordSafe, a password management utility.  Guides can be found on the Case Wiki and at SecurityAware.case.edu.



Questions or problems?
Please call the Help Desk at 216.368.HELP (216.368.4357)

 

 

Page Last Updated:Thursday January 15, 2009 at 10:02:47