| Page properties | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
|
| Panel | ||||
|---|---|---|---|---|
| ||||
Password Policy |
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
Issuing OfficeInformation Services Affected PartiesStudents, Faculty, Staff, Alumni Policy LanguageAll Liberty University systems will be accessed via a user account that is protected by a password that meets standardized strength checks (as defined below) to improve protection against hacking attempts |
and ensure compliance with Payment Card Industry (credit card merchant) regulations. Policy RationaleThis policy defines the necessity for adequate password protection of all Liberty University network user accounts. Definition of Glossary TermsNone specified |
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
Procedures1. General password standards.1.1. All users shall avoid keeping a record (e.g., paper, software file or hand-held device) of passwords, unless this can be stored securely. 1.2. Users shall change passwords whenever there is any indication of possible system or password compromise 1.3. Users shall not share individual user passwords. Liberty University will never ask a user for their password. 1.4. Users shall not use the same password for business and non-business purposes. 2. Students and Alumni passwords.2.1. Must be a minimum of eight (8) characters in length. 2.2. Must contain at least 3 of the following character sets: 2.2.1. Upper case alphabetic (A-Z) 2.2.2. Lower case alphabetic (a-z) 2.2.3. Numerals (0-9) 2.2.4. Special characters (%, +, , !, #, ^, ?, :, ., ~, -, _) 2.2.4.1. NOTE: the following special characters are prohibited: $ & ; ( ) [ ] { } " ' ` * @ / 2.3. The alphabetic portion must not be a single common dictionary word. For example, ‘Liberty1’ is prohibited. Multi-word phrases such as, ‘2BigBoxes’ are allowed. 2.4. |
The new password cannot be the same as any of the previous 10 passwords that the student or alumnus has used. 3. Faculty and Staff passwords.3.1. Must be a minimum of ten (10) characters in length. 3.2. Must contain at least 3 of the following character sets: 3.2.1. Upper case alphabetic (A-Z) 3.2.2. Lower case alphabetic (a-z) 3.2.3. Numerals (0-9) 3.2.4. Special characters (%, +, , /, !, #, ^, ?, :, ., ~, -, _) 3.2.4.1. NOTE: the following special characters are prohibited: $ & ; ( ) [ ] { } " ' ` * @ 3.3. The alphabetic portion must not be a single common dictionary word. For example, ‘Liberty1’ is prohibited. Multi-word phrases such as, ‘2BigBoxes’ are allowed. 3.4. Faculty and staff must change their passwords |
annually. 3.5. The new password cannot be the same as any of the previous 10 passwords that the faculty or staff member has used. 4. IT System Administrator passwords.4.1. Must be a minimum of fifteen (15) characters in length. 4.2. Must contain at least 3 of the following character sets: 4.2.1. Upper case alphabetic (A-Z) 4.2.2. Lower case alphabetic (a-z) 4.2.3. Numerals (0-9) 4.2.4. Special characters (%, +, , /, !, #, ^, ?, :, ., ~, -, _) 4.2.4.1. NOTE: the following special characters are prohibited: $ & ; ( ) [ ] { } " ' ` * @ 4.3. The alphabetic portion must not be a single common dictionary word. For example, ‘Liberty1’ is prohibited. Multi-word phrases such as, ‘2BigBoxes’ are allowed. 4.4. IT System Administrators must change their passwords |
at least annually. 4.5. The new password cannot be the same as any of the previous 10 passwords that the IT System Administrator has used. 5. Password Lockouts and Resets.5.1. In almost all cases, users will be able to reset passwords without assistance from the IT Helpdesk. If a user makes 5 faulty attempts when entering his or her password, the account will be locked. It will unlock automatically 30 minutes later so that they can reset their password without IT assistance. SanctionsNone specified ExceptionsNone Date of Last Review12/ |
2022 Date for Review12/2023 |