Scope
This standard applies to:
- All computing resources with access control and using a password for authentication purposes.
- Any computer (physical or virtual) connecting to the UTRGV network through wired, wireless, or VPN (virtual private network) connection.
It does not apply to system service accounts.
Audience
All users of computing and network resources owned or leased by UTRGV, including but not limited to all students, faculty, and staff.
Definitions
None.
Standard
5.1 Password Characteristics
5.1.1 Composed of case-sensitive letters and digits.
5.1.2 At least 10 characters in length.
5.1.3 Must meet three (3) out of the following:
Minimum 1 English uppercase letter.
Minimum 1 English lowercase letter.
Minimum 1 digit (0-9).
Minimum 1 special character.
Special characters allowed: `~!#$^()_+-={}|[]\:;>?,./
For example: S+r0ngP4ssw)rd
5.2 Invalid Password Information
5.2.1 Must not include personal information such as your first or last name, phone number, social security number, date of birth, or address.
5.2.2 Must not contain words found in a dictionary (English or foreign language), acronyms, or popular phrases.
5.2.3 Must not contain the user's account name or respective UTRGV ID (student or employee) number.
5.2.4 Must not be a previously used password.
5.3 Password Change Frequency
5.3.1 All passwords must be changed at least once a year.
Roles and Responsibilities
6.1 Information Security Office
Define and maintain this standard to a level that defines the necessary practices to protect all computing resources using passwords for authentication.
6.2 End-User
Ensures that all of the accounts they use to access UTRGV resources meets this standard.
Non-Compliance and Exceptions
If any of the requirements outlined within this standard cannot be met on applicable information resources you use or support, the Security Exception Process must be followed to address any associated risks until the standard can be met.
Any devices that do not adhere to this standard may lose access to UTRGV resources.
Non-compliance with this standard may result in the notification of supervisors and may be subject to disciplinary action in accordance with applicable UTRGV rules and policies.
Related Policies, Standards, and Guidelines
Revision History
Version |
Date |
New |
1.0 |
September 2019 |
Web Page Created |