Account Security Guidelines

ITS uses the following user account security parameter settings as a default minimum guideline for all systems where they can be implemented.

• Minimum password length of six characters.
  
• Passwords must include non-alpha characters.
  
• Password expiration interval of 90 days.
  
• Passwords must be unique within a password history of eight.
  
• Limit of two simultaneous logins.
  
• Automatic lockout of a username when the following intrusion-detection thresholds are reached:
  
  
  • Threshold levels: Lockout after five failed login attempts
    
  • Lockout interval: Five minutes
    

Note: These guidelines are not consistently implemented by default across all accounts on all systems. Some systems are not able to implement all the account parameters outlined above.