Effective Date: August 11, 2011
Last Reviewed: August 11, 2011


Purpose and Scope:

The Account Password Policy describes Stonehill College’s standard for creation of account user names and strong passwords, the protection of those passwords, and the frequency of change.

These requirements are necessary to ensure personal security and protect business, academic and research interactions throughout the College. A poorly chosen password may result in the compromise of Stonehill College's services and information. As such, all Stonehill College faculty, staff and students as well as contractors, vendors and external groups with access to Stonehill College systems are responsible for taking the appropriate steps, as outlined below, to select and/or secure their passwords.

The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any Stonehill College facility, has access to the Stonehill College network, or stores any non-public Stonehill College information.

This policy will apply to both user passwords (e.g. Stonehill Domain,) and network/system passwords (e.g. Server administration, Database, Application, Network equipment) with rules corresponding to each.

Policy:

The Stonehill Account is a User ID/Password combination that serves as the primary digital identity at Stonehill College. Until such a time as a single user logon can be established, additional User ID/Passwords may be required to access certain College systems and applications.

All user names must meet established standards for the various types of accounts at Stonehill College.

All passwords must be strong, i.e. at least 8 characters long and utilize a combination of the 4 character sets except where technically infeasible:

o Upper Case Alpha (A - Z)

o Lower case Alpha (a – z)

o Numeric (0 – 9)

o Special Characters, where allowed (!@#$%^&*()_+|~-=\`{}[]:";'<>?,./)

Passwords will expire regularly based on standards set by Information Technology and the previous 6 passwords cannot be reused.

Passwords are to be treated as sensitive, confidential Stonehill College information and should never be written down, shared, or stored on-line unless adequately secured (i.e. encrypted). They must not be inserted into email messages, telecommunications or other forms of electronic communication.

Do not use the same password for Stonehill College accounts as for other non-Stonehill College access.