Password Policy | Spalding University Policy Guide

1.4.13: Password Policy

Effective January 15, 2024


The purpose of this password policy is to establish guidelines for creating strong, secure passwords for user accounts at Spalding University. This policy aims to enhance the security of information systems and protect sensitive data against unauthorized access.

This policy applies to all students and employees of Spalding University who have access to University information systems and resources.

 

Password Creation Guidelines

Passwords must be a minimum of 12 characters in length.

Passwords must not be shared with others, including colleagues, friends, or family.

Users are responsible for keeping their passwords confidential and should not write them down or store them in an insecure manner.

 

Complexity Requirements

Passwords must contain characters from at least three of the following four categories:

Uppercase letters (A-Z)

Lowercase letters (a-z)

Numbers (0-9)

Special characters (e.g., !, @, #, $, %, ^, &, *)

The University authentication system, Microsoft Entra, will also prevent users from creating easily guessed, common passwords, or known compromised passwords.

 

Password Change and Expiration

Employees and student workers are required to change their passwords at least every 90 days. Students are required to change their passwords every 180 days.

Passwords cannot be reused for at least six consecutive password changes.

 

Account Lockout Policy

After five consecutive failed login attempts, an account will be temporarily locked for a period of 15 minutes.

 

Multi-Factor Authentication (MFA)

Multi-Factor Authentication is required for all user accounts and will be enforced for accessing sensitive systems or data, such as Student Self-Service.

 

Sharing Passwords

Sharing your username and password with others is prohibited. Sharing accounts violates the “Use Policy” and may also violate FERPA and other privacy regulations.  Non-compliance with this policy may result in the temporary suspension of account access, and repeated violations may lead to disciplinary action, including termination for employees or expulsion for students.

Review and Updates

This policy will be reviewed annually and updated as needed to address changes in technology, security threats, or organizational requirements.

By following these guidelines, Spalding University aims to maintain a secure computing environment and protect the confidentiality and integrity of its information systems.