- Navigation Links
- Acceptable Computer Use Policy
- Campus Password Policy
- Contacts
- Definition of Confidential Info.
- Desktop Security
- Desktop Security Audits
- Good Security Practices
- Incident Report Process/Form
- Information Security Plan
- Information Security Policy
- Supplemental I.S. Policies
- Laws & Regulations
- Application for Database
Campus Password Policy
Purpose:
In accord with the California State University Bakersfield Information Security Policy, the Information Technology Services (ITS) Policy on Passwords provides guidelines on passwords/pins for University computer systems.
Application:
This policy applies to all persons using CSUB data and systems.
A password is private information and only the person assigned to a particular userid may use the associated password. Users are responsible for safeguarding passwords for their userids. Passwords must not be shared. Users should not share their password with anyone.
Password Guidelines:
The following guidelines are to assist users with making good passwords. Each individual application used to change passwords will screen for most of these guidelines as an aid in creating secure passwords. This does not relieve a person of responsibility for creating and securing a good password.
- Make passwords significantly different from previous passwords.
- Make passwords hard to guess. It should not be information easily obtainable about you. This includes mother's maiden name, social security, telephone numbers, or birthday. It cannot be the same as the userid.
- Don't leave passwords where others can find them. Do not leave your password on a post-it taped to your monitor.
- Change passwords regularly
- Use as many characters as the system you are using allows when you create your password.
Systems that contain confidential and or personal information require the use of stronger passwords. These systems have the following password requirements:
Internet Native Banner
- Minimum Password Length 6
- At least one number and one letter
- Passwords expire every 90 days
- Can't reuse the same password for 6 months
- Account locks after 6 login attempts
Peoplesoft Finance & Human Resources
- Minimum Password Length 8
- At least one number and one letter
- Passwords expire every 90 days
- Can't reuse the last 3 passwords
- Account locks after 5 login attempts
Password Expiration:
Regular changing of passwords is a sound policy that adds to overall system security. Depending on the sensitivity of the system, passwords expire after a certain interval (example 90 days). Passwords for newly activated userids must be changed on first use. This way only the person assigned the userid knows the password. Frequent password changes lead to greater security.