I. Purpose
Passwords are a critical aspect of computer security forming the front line of protection for user accounts. A poorly chosen password can result in:
- Loss or exposure of highly restricted and/or restricted data
- Individual system compromise
- Compromise of enterprise network
As such, all individuals with access to Illinois State University's information technology resources, computers, networking systems, information and data, collectively defined here as ISU Information Technology Resources and Systems are responsible for taking the appropriate steps, as outlined below, to select and secure passwords used to access ISU Information Technology Resources and Systems.
II. Password Requirements
All system authentication credentials and passwords must be used in accordance with the University Appropriate Use Policy (9.2). This policy prohibits a user from sharing or allowing another individual to use their password.
- All passwords must adhere to the following standards to ensure complexity and increase security:
- Must be a minimum of 10 characters in length
- Must contain characters from the following 3 classes:
- UPPERCASE letters (A-Z)
- Lowercase letters (a-z)
- Numbers (0-9)
- May contain characters in the following 2 classes:
- Punctuation (.,?!;:)
- Special character: (@#$%^&*()_+|~-=\ {}[]"'<>/)
- Must NOT contain your first name, last name, or your ULID
- Must NOT contain your birthday
- Is case-sensitive.
- May not be reused for four consecutive changes.
- Your account will be locked out for 15 minutes after 5 consecutive unsuccessful attempted logons.
- All temporary passwords must be changed at first logon.
- Default passwords will not be used on any University system. All administrators shall ensure default passwords are changed to ensure security of the systems.
- Passwords must change every 180 days or the account will be locked.
- If an account or password is suspected to have been compromised, report the incident to the Technology Support Center and immediately change all associated passwords.
- If a breach occurs the offending account will be automatically locked and the password will need to be reset.
Note: For assistance with password-related issues contact the Technology Support Center at (309) 438-HELP (4357) or supportcenter@IllinoisState.edu. For Guidelines and Best Practices see the Technology Support Center knowledge base article Guidance for setting strong passwords at the Help Desk Website.
III. Compliance and Enforcement
Any user of ISU Information Technology Resources and Systems who violates University policies, procedures or applicable local, state or federal laws may be subject to the appropriate disciplinary actions up to and including discharge, termination, or dismissal. Divisions and departments shall not adopt rules and regulations that reduce full compliance with applicable local, state or federal laws or the policies and procedures of the University.