Introduction
Password Policy
- It is incumbent upon each SPU faculty, staff member and student to be mindful of potential information security risks and take appropriate steps to protect University resources entrusted to them via electronic means.
- Confirmed or suspected compromises in information security must be immediately reported to the Computer and Information Systems (CIS) Help Desk.
- Under no circumstances should account passwords ever be disclosed or shared.
- Identical passwords should not be used with different accounts. The password used for each account should be different, since the accounts are credentialed separately.
- Conversely, the SPU username and password together form the credential used for our single sign-on system, which authenticates on behalf of many SPU systems. It is not possible to manage credentials for these systems separately.
- Passwords should never be written down or otherwise recorded in ways that they may be found by an unauthorized person.
- Strong password techniques should be used. These include:
  - Not using obvious names, identities, hobbies, etc.
  - Not using words that can be found in the dictionary.
  - Incorporating mixed case, numbers, letters and special characters whenever possible.
  - Not using words from the password blacklist of common passwords (extremely common or easily cracked passwords).
- User password complexity requirements are scaled to the amount of access a user has to institutional data. Users with greater access will be required to set a more complex password.
- As a user’s role changes, granting them access to more data, they may be required to change their password to meet the complexity requirements for their new role.
- Users whose accounts have been compromised will be prohibited from re-using previous passwords for a period of one year to ensure that compromised credentials are not re-used and users do not inadvertently re-compromise their account.
- When a user changes their password, they will receive an email notification of the change. If a user receives such an email and did not initiate the password change, they should immediately contact CIS.