ACCOUNT PASSWORD & SECURITY POLICY ESSENTIALS
Smith College provides every community member with an on-line user account uniquely linked to that person. It proves your identity, authorizes you to access and control important personal and institutional information, grants rights to licensed resources, and allows others to trust the identity of the person linked to an account. It is your responsibility to safeguard your account and your online identity, and guard against unauthorized access and use of your account.
The password for your account is the sole key for protecting your account. Therefore, the strength and privacy of that password is of paramount importance.
Password composition requirements
Safe handling requirements
The Smith College Account Password & Security Policy mandates certain minimum requirements for users when creating your Smith account password.
Note that the rules for constructing a new network password will change on January 14th. Your current password will continue to work indefinitely, but starting January 14th, if you choose to reset it, your new password must be at least 14 characters long.
This change reflects new research showing that a sufficiently long password is harder to hack than a shorter password, even a very strong shorter password.
To make your new long password easy to remember, you can now use any combination of letters (upper or lower case), numbers, or special characters* you want – anything except your first name, last name, or username.
*Allowable special characters are those that can be entered using a standard English QWERTY keyboard, with or without the Shift key.
So try out your favorite song lyric, your lucky numbers, or a friend's childhood street address, as long as you end up with at least 14 characters.
A note on special characters: In rare cases, some non-alphanumeric characters may cause potential problems with services like Banner job submission. If you use those services, we recommend avoiding the following special characters:
@ & " ( ) , < > ` ; =
Important: ITS no longer requires you to reset your password on regular basis. However, we still strongly recommend changing your password periodically.
Back to top >
The Account Password & Security Policy also explicity requires the following safe handling practices:
- Documented passwords must always be stored securely (encrypted or in a locked container.)
- NEVER SHARE (or reveal) your password to ANYONE!
Note that ITS will never ask you to give us your password, whether by email, over the phone, or otherwise.
Do NOT share your password with your colleague, parents, significant other, roommate, or friend! Please, keep your password PRIVATE!
We also strongly recommend that your keep your Smith network password UNIQUE, and not use it for any other online resource.
The policy states that any unauthorized acquisition or use of identity credentials is prohibited.
A failure to comply with this policy could result in judicial board review for students, or a reprimand or possible termination for employees.
Please note that this policy specifically applies to Smith general individual accounts only, but should be used as a minimum guideline for systems or services that implement identity credentials internally or via some other source.
Also, please note that accounts for select users who have access to "classified information" or authorized access to select services may be required to implement stricter requirements than those specified in this policy.
Back to top >
The NIST Guide to Enterprise Password Management document below discusses best practices for password management: