Password Policies and Guidelines

Statement and Purpose


Usernames and passwords are two components of your SPU login credentials.  While there are weaknesses in all authentication systems, the proper use of your SPU password is the first step in keeping your online information safe and secure.

There are a number of policies that pertain to passwords and security involved with the privilege of utilizing computer and network resources at Seattle Pacific University. Faculty, Staff, and Students at SPU may have a variety of credentials, with differing levels of security required based on the user's role at the University. Many of these accounts will have access to important and/or confidential University information. As such, it is imperative that these credentials be managed with security and confidentiality in mind. Below are SPU's account password policies.

Your access and use of SPU technology resources must fall under SPU's Computer Acceptable Use policy.

 There are many types of Computer User Accounts and Resources that are made available to SPU faculty, staff, students, and even former students.


Table of Contents


Version: 1.0

Effective Date: May 18, 2015
Last Updated:
 June 14, 2018

Responsible Office:
Computer & Information Systems
Responsible Executive:
AVP for Information Technology/CIO



Password Policy:


  1. It is incumbent upon each SPU faculty, staff member and student to be mindful of potential information security risks and take appropriate steps to protect University resources entrusted to them via electronic means.
  2. Confirmed or suspected compromises in informational security must be immediately reported to Computer and Information Systems (CIS HelpDesk).
  3. Under no circumstances should account passwords ever be disclosed or shared.
    1. Sharing of a University issued credential constitutes fraud and violates SPU Computer User Accounts and Resources policy, federal law 18 USC 1030: Fraud and related activity in connection with computers, and is grounds for termination and prosecution.
  4. Identical passwords should not be used with different accounts. The password used for each account should different, since they are credentialed separately.
    1. Conversely, the SPU username and password is the credential used for our single-sign on system which authenticates on behalf of many SPU systems. It is not possible to manage credentials for these systems separately.
  5. Passwords should never be written down or otherwise recorded in ways that they may be found by an unauthorized person.
  6. Strong password techniques should be used. These include:
    1. Not using obvious names, identities, hobbies, etc.
    2. Not using words that can be found in the dictionary
    3. Incorporating mixed-cases, numbers, letters and special characters whenever possible.
    4. Not using words from the password blocklist of common passwords (extremely common or easily-cracked passwords).
  7. User password complexity requirements are scaled to the amount of access a user has to institutional data. Users with greater access will be required to set a more complex password.
    1. As a user’s role changes granting them access to more data, they may be required to change their password to meet the complexity requirements for their new role.
  8. Users may not re-use any password they have previously used across any of their SPU resources.
  9. When a user changes their password they will receive an email notification of such changes. If a user receives an email and they did not initiate the password change, they should immediately contact CIS.

How to Change Your SPU Password


At SPU, the same Username and Password are used for most campus resources: Banner, Canvas, Webmail/Outlook, network access, etc... Change this password through the Banner Information System.

  1. Login to Banner Information System with your SPU username and password
  2. Select the Personal Menu--> then Computer Accounts Menu
  3. Choose Change Your Password
  4. The password sync takes roughly 15 minutes to be in effect for all SPU resources.
  5. After you change your password make sure you update it on any device that might store the password (phones, tablets, etc...).


How to use a PASSPHRASE to Create a Strong Password


What makes a strong password?

  • Length - a minimum of eight characters are required for SPU accounts, but 12 characters (or more) will provide better security.
  • Complexity- use upper and lower case letters as well as numbers and special characters such as !@#$%^&*()?/[]\.

How to use a Passphrase?

  • Think of a short sentence or phrase you can easily remember. An example might be: "God is in control"
  • Add complexity to the phrase: "Godis1nC0ntrol!2016" (you now have a long, strong passphrase)

Location Tracking for SPU Credential Use


When you login to selected SPU online services (like Banner, Canvas, the SPU White Pages, and several others) you will be notified via email if the network LOCATION of that connection has never been used.

The email message will provide an approximate location (if it can be determined), time, and online service accessed. If you recognize the general location and time identified in the email alert, you can disregard the notice. If you do not recognize the location, or if the login was NOT YOU -- your SPU credential could be compromised. Please contact the CIS HelpDesk at 206-281-2982 or help@spu.edu or follow the directions below to reset your SPU password.


Consider Using a Password Manager Application


The difficulty of keeping track of different passwords for all your online services is a big challenge. You might want to consider the use of Password Manager application or service. There are many to choose from, but here are three that have been vetted by CIS:

All of these provide low cost or free personal use.


Related Policies and Procedures