NVC Password Standards
The following password standards adopted Spring 2007 are required to help safeguard and to prevent unauthorized access to student, employee, and college information stored in systems such as e-mail, Datatel, WebAdvisor, Sharepoint, and network folders. These standards are also required to ensure compliance with existing laws and regulations regarding data security and protecting the privacy of personal information.
• Be at least 8 characters in length (industry standards recommend 9).
• Be changed at least once a semester (every six months). A reminder will be displayed each day starting at thirty days prior to expiration until the password is changed. Employees returning from extended leave may need to change passwords immediately upon return (industry standards recommend 90 days but we’ve adjusted to our environment).
• Must be different from previous two passwords.
• Never be shared with anyone.
• Contain characters from at least three of the following four categories:
• English uppercase characters (A through Z)
• English lowercase characters (a through z)
• Base 10 digits (0 through 9)
• Special characters (for example, !, $, #, %)
Other Recommended Password Safeguards:
• Be different from other personal accounts such as bank accounts.
• Be changed immediately if compromised.
• Not contain significant portions of the user's account name, real name, department name, college name, etc.
• Not contain existing piece of personal identification such as SSN, Datatel ID, birth date, anniversary, kid's or pet's names.
• Not contain a complete dictionary word.
• Not be saved on computers. Some login dialog boxes present an option to save or remember a password. Selecting this option poses a potential security threat.
• Not be posted on a sticky note, under keyboard, etc.
• Avoid entering passwords while someone may be looking at your keyboard (also known as "shoulder surfing"). Passwords should be able to be typed quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by shoulder surfing. Computer etiquette is to look away while others are logging on.
• Lock your system with Ctrl+Alt+Delete or Windows key+L when away from the PC, even for a couple of minutes.
Notes concerning WebAdvisor: It may be simpler if you change both your WebAdvisor and Network passwords to match (so you only have one to remember). If you do, keep in mind that WebAdvisor does not accept passwords longer than nine characters and has problems with some special characters.
Further Background Information:
• Passwords are a weak link – other security measures and devices cannot make up for the security risk of weak, shared, or unchanged passwords.
• The need for a password policy was reported in NVC security assessments facilitated by the Chancellor’s Office.
• Hackers now include international crime groups focused on financial gain. The prime victims of identity theft are college age.