ACCOUNT PASSWORD & SECURITY POLICY ESSENTIALS
Smith College provides every community member with an online user account uniquely linked to that person. It proves your identity, authorizes you to access and control important personal and institutional information, grants rights to licensed resources, and allows others to trust the identity of the person linked to an account. It is your responsibility to safeguard your account and your online identity, and guard against unauthorized access and use of your account.
The password for your account is the sole key for protecting your account. Therefore, the strength and privacy of that password are of paramount importance.
Password composition requirements
Safe handling requirements
Unauthorized use
Exceptions
Additional resources
Password Composition Requirements
The Smith College Account Password & Security Policy mandates certain minimum requirements when you create your Smith account password. The primary elements of a minimally strong password are:
- A minimum password length of eight characters
- A minimum of five unique characters
- A maximum of two consecutive repeating characters ("eeMe" is ok, "Meee" is not)
- At least one lower case letter
- At least one UPPER case letter
- At least one numeric digit ("1" is ok, "one" is not)
- At least one special (non-alphanumeric) character, such as ! : $ *
In addition, passwords may not include your username or your full name as part of the password. While not a requirement, we also recommend avoiding strings of 3 or more sequential letters (abc) or numbers (567) in your password.
A note on special characters: In rare cases, some non-alphanumeric characters may cause potential problems with services like Banner job submission. If you use those services, the policy recommends avoiding the following special characters:
@ & " ( ) , < > ` ; =
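The composition rules above expressed as a validator, as an added example that is not Smith College's own code. The function names, the case-insensitive username and full-name matching, and the case-sensitive count of unique characters are assumptions; the two recommendations are reported as warnings rather than violations.

```python
import re

# Characters the page says may cause problems with services like Banner job submission.
DISCOURAGED = set('@&"(),<>`;=')

def has_sequence(pw, n=3):
    """True if pw contains n or more ascending sequential letters or digits (abc, 567)."""
    run = 1
    for a, b in zip(pw, pw[1:]):
        same_class = (a.isdigit() and b.isdigit()) or (a.isalpha() and b.isalpha())
        run = run + 1 if same_class and ord(b.lower()) - ord(a.lower()) == 1 else 1
        if run >= n:
            return True
    return False

def check_password(pw, username, full_name):
    """Return (violations, warnings) for the composition rules listed above."""
    violations, warnings = [], []
    if len(pw) < 8:
        violations.append("shorter than eight characters")
    if len(set(pw)) < 5:  # assumption: 'A' and 'a' count as different characters
        violations.append("fewer than five unique characters")
    if re.search(r"(.)\1\1", pw, re.DOTALL):  # three identical characters in a row
        violations.append("more than two consecutive repeating characters")
    if not re.search(r"[a-z]", pw):
        violations.append("no lower case letter")
    if not re.search(r"[A-Z]", pw):
        violations.append("no upper case letter")
    if not re.search(r"[0-9]", pw):
        violations.append("no numeric digit")
    if all(c.isalnum() for c in pw):
        violations.append("no special character")
    # Assumption: name matching ignores case, and the full name is also tried
    # with its spaces removed; the page does not specify either detail.
    lowered = pw.lower()
    names = {username.lower(), full_name.lower(), full_name.lower().replace(" ", "")}
    if any(n and n in lowered for n in names):
        violations.append("contains username or full name")
    if has_sequence(pw):
        warnings.append("contains 3 or more sequential letters or numbers")
    if DISCOURAGED & set(pw):
        warnings.append("contains a character that may cause problems with Banner")
    return violations, warnings
```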
Important: Smith College has decided that once you begin using a sufficiently strong and secure password, we will no longer require you to change your password on a regular basis. However, we still strongly recommend that you change your password periodically.
The Account Password & Security Policy also explicitly requires the following safe handling practices:
- Documented passwords must always be stored securely (encrypted or in a locked container).
- NEVER SHARE (or reveal) your password to ANYONE!
Note that ITS will never ask you to give us your password, whether by email, over the phone, or otherwise.
Do NOT share your password with your colleague, parents, significant other, roommate, or friend! Please, keep your password PRIVATE!
We also strongly recommend that you keep your Smith network password UNIQUE, and not use it for any other online resource.
The policy states that any unauthorized acquisition or use of identity credentials is prohibited.
A failure to comply with this policy could result in judicial board review for students, or a reprimand or possible termination for employees.
Please note that this policy specifically applies to Smith general individual accounts only, but should be used as a minimum guideline for systems or services that implement identity credentials internally or via some other source.
Also, please note that accounts for select users who have access to "classified information" or authorized access to select services may be required to implement stricter requirements than those specified in this policy.
Additional Resources
For additional information about creating strong passwords, see:
- http://xkcd.com/936/
- http://hitachi-id.com/password-manager/docs/choosing-good-passwords.html
- http://www.zdnet.com/blog/igeneration/how-do-i-create-a-secure-password-infographic/14218
- http://en.wikipedia.org/wiki/Password_strength
The NIST Guide to Enterprise Password Management document below discusses best practices for password management:
http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf














