Campus Password Policy
1.0 - Overview
This is an overview of the Password Policy.
1.1 - Purpose:
Establish a Password Policy Standard for CSUB employees.
1.2 - Scope:
This policy applies to all CSUB employees.
1.3 - Background
A password is private information and only the person assigned to a particular account should use the associated password. Users are responsible for safeguarding passwords for their accounts.
2.0 - Policy:
- Not contain the user's account name or parts of the name that exceed two consecutive characters
- Be at least eight characters in length
- Contain characters from three of the following four categories:
- Uppercase characters (A through Z)
- Lowercase characters (a through z)
- Numbers (0 through 9)
- Non-alphanumeric characters (for example, !, $, #, %)
- Changed at least once per year
3.0 - Controls
Systems incapable of enforcing compliant passwords shall have user enforced compliant passwords. If compliant passwords are not permitted then other mitigating controls, determined on a case by case basis, shall be user enforced; e.g. shorter password lifetimes, longer passwords, or inactivity screen locks.