About This Policy1.0 PurposeThis policy describes the University’s requirements for acceptable password selection and maintenance. It provides guidance on creating and using passwords in ways that maximize security of the password and minimize misuse or theft of the password. Passwords are the most frequently utilized form of authentication for accessing a computing resource. Due to the use of weak passwords, the proliferation of automated password-cracking programs, and the activity of malicious hackers and spammers, they are very often also the weakest link in securing data. Passwords must, therefore, follow the policy guidelines listed below. Show
2.0 ScopeThis policy applies to anyone accessing systems that hold or transmit Montclair State University data. Systems include, but are not limited to personal computers, laptops, Montclair State-issued cell phones, and small factor computing devices (e.g., tablets, USB memory keys, electronic organizers), as well as Montclair State electronic services, systems and servers. This policy covers departmental resources as well as resources managed centrally. 3.0 PolicyAll passwords (e.g., email, web, desktop computer, laptop, mobile device, etc.) should be strong passwords and should follow the guidelines below. In general, a password’s strength will increase with length, complexity and frequency of changes. Greater risks require a heightened level of protection. Stronger passwords augmented with alternate security measures such as multi-factor authentication should be used in such situations. High-risk systems include but are not limited to: systems that provide access to critical or sensitive information, controlled access to shared data, a system or application with weaker security, and administrator accounts that maintain the access of other accounts or provide access to a security infrastructure. Central and departmental account managers, data trustees, and security and/or system administrators are expected to set a good example through a consistent practice of sound security procedures.
3.1 Client device (desktop/laptop) Administrator PasswordsIn addition to the general password guidelines listed above in Section 3.0, the following apply to desktop administrator passwords, except where technically and/or administratively infeasible:
3.2 Server Administrator PasswordsIn addition to the general password guidelines listed above in Section 3.0, the following apply to server administrator passwords, except where technically and/or administratively infeasible
NOTE: Log files should never contain password information. View Information Technology PoliciesView Technology PoliciesView All Policies What are 3 guidelines to consider when creating secure passwords?CHARACTERISTICS OF STRONG PASSWORDS. At least 12 characters (required for your Muhlenberg password)—the more characters, the better.. A mixture of both uppercase and lowercase letters.. A mixture of letters and numbers.. Inclusion of at least one special character, e.g., ! @ # ? ]. Which of the following are common safe ways to update your password?Here are my seven tips to change your password today and reduce your exposure to various online risks.. Use Two Factor Authentication when Possible. ... . Make Passwords Complicated. ... . Change Passwords Often. ... . Consider a Password Manager. ... . Don't Fully Trust Your Browser. ... . Don't Use Personal Information. ... . Never Use Just One Password.. What are the 4 recommended password practices?Password Best Practices. Never reveal your passwords to others. ... . Use different passwords for different accounts. ... . Use multi-factor authentication (MFA). ... . Length trumps complexity. ... . Make passwords that are hard to guess but easy to remember.. Complexity still counts. ... . Use a password manager.. Which statements are true for a strong password?This is a great example of a strong password. It's strong, long, and difficult for someone else to guess. It uses more than 10 characters with letters (both uppercase and lowercase), numbers, and symbols, and includes no obvious personal information or common words.
|