BVU Password Policy

Buena Vista University

Here is an Adobe Acrobat PDF version for easy printing.

Purpose

Passwords are a critical part of information and network security. Passwords serve to protect user accounts, but a poorly chosen password, if compromised, could put the entire network at risk. As a result, all faculty, students and employees of Buena Vista University should take appropriate steps to ensure that they create secure passwords and keep them safeguarded at all times.

Scope

This policy applies to all faculty, students, employees and/or contractors of Buena Vista University who have or are responsible for a computer account, or any form of access that supports or requires a password, on any system that resides at any Buena Vista University facility, has access to the Buena Vista University network, or stores any non-public Buena Vista University information.

Policy

General

  1. Passwords must contain at least 8 characters.
  2. Passwords must contain at least 1 numerical character (e.g., 0-9) or 1 special character (e.g., &, !, *, +).
  3. Passwords must be changed every 6 months.
  4. Old passwords cannot be re-used.
  5. Temporary passwords that are issued to users must be changed on first use.
  6. Passwords must not be based on the university’s name or geographic location.

Password Construction Guidelines

Passwords are used to access any number of university systems, including the network, e-mail, the Web, and voicemail. Less than secure passwords are easily cracked, and put the entire system at risk. All passwords should conform to the guidelines outlined below.

  1. Passwords should not be based on well-known or easily accessible personal information.
    • Passwords should not be based on a user's personal information or that of his or her friends, family members, or pets. Personal information includes BVU Net I.D., name, birthday, address, phone number, social security number, or any permutations thereof.
  2. Passwords should contain uppercase letters (e.g. N) and lowercase letters (e.g. t).
  3. Passwords should not be words that can be found in a standard dictionary (English or foreign) or are publicly known slang or jargon.
  4. Try to create a password that is also easy to remember.
    • The use of so-called "first-character" passwords makes it easy to comply with these guidelines. To do this, compose an easily-remembered sentence (for example, "I have worked here for 2 years") then use the first character of each word to form the password; and with adding a symbol for added security, that is "Ihwhf2y$". Such a password need not be written down, and almost certainly cannot be guessed.

Password Protection Guidelines

  1. Passwords should be treated as confidential information.
  2. If someone demands your password, refer them to this policy or have them contact the Information Services Department.
  3. Passwords should not be transmitted electronically over the unprotected Internet, such as via e-mail. However, passwords may be used to gain remote access to university resources via BVU's Virtual Private Network (VPN).
  4. You should not keep an unsecured written record of your passwords, either on paper or in an electronic file. If it proves necessary to keep a record of a password, then it must be kept in a controlled access safe if in hardcopy form or in an encrypted file if in electronic form.
  5. Please do not use the "Remember Password" feature of applications.
  6. Passwords used to gain access to university systems should not be used as passwords to access non-university accounts or information. For example, you should not use the same password for your online banking tool as your university email account.
  7. You should not use the same password to access multiple university systems. For example using the same password for mission critical systems is discouraged.
  8. If an employee either knows or suspects that his/her password has been compromised, it must be reported to the Information Services Department and the password changed immediately.

Get started changing your password.

Glossary

Information Security
Information security refers to protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
Network
or "computer network," often simply referred to as a network, is a collection of computers and devices connected by communications channels that facilitates communications among users.
Online banking
Online banking (or Internet banking) allows customers to conduct financial transactions on a secure website operated by their bank.
Virtual Private Network (VPN)
A virtual private network (VPN) protects data transfers between two or more networked so as to keep the transferred data private from other devices on one or more intervening local or wide area networks.

2fix

 
© BUENA VISTA UNIVERSITY    610 W. 4TH STREET     STORM LAKE, IOWA 50588     800.383.9600    |    Contact Us     A-Z Index